IIS 4.0 SSL ISAPI Filter Can Leak Single Buffer of Plaintext (244613)


The information in this article applies to:

  • Microsoft Internet Information Server 4.0
This article was previously published under Q244613

SYMPTOMS

Unencrypted data may appear in the Secure Sockets Layer (SSL) package under heavy load if an ISAPI filter is programmed in such a way that it sends and receives data at the same time for the same connection.

RESOLUTION

Windows NT 4.0

A supported fix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Apply it only to computers that are experiencing this specific problem.

To resolve this problem, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information about support costs, visit the following Microsoft Web site:

http://support.microsoft.com/default.aspx?scid=fh;EN-US;CNTACTMS

NOTE: In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The usual support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

The following files are available for download from the Microsoft Download Center:

x86: DownloadDownload Sslune4i.exe now

Alpha: DownloadDownload Sslune4a.exe now

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to Obtain Microsoft Support Files from Online Services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file. The English version of this fix should have the following file attributes or later:
   Date      Time     Version     Size    File name     Platform
   -------------------------------------------------------------
   10/26/99  10:09a   4.02.0728   329,024 Asp.dll       (x86)
   10/26/99  09:18a   4.02.0728    11,396 Httpext.h     (x86)
   10/26/99  10:07a   4.02.0728   184,736 Infocomm.dll  (x86)
   10/26/99  10:08a   4.02.0728    11,248 Iwrps.dll     (x86)
   10/26/99  10:08a   4.02.0728    38,256 Ssinc.dll     (x86)
   10/26/99  10:08a   4.02.0728    25,360 Sspifilt.dll  (x86)
   10/26/99  10:08a   4.02.0728   228,464 W3svc.dll     (x86)
   10/26/99  10:07a   4.02.0728    87,504 Wam.dll       (x86)

   10/26/99  10:09a   4.02.0728   549,648 Asp.dll       (Alpha)
   10/26/99  09:22a   4.02.0728    11,396 Httpext.h     (Alpha)
   10/26/99  10:07a   4.02.0728   303,888 Infocomm.dll  (Alpha)
   10/26/99  10:08a   4.02.0728    16,656 Iwrps.dll     (Alpha)
   10/26/99  10:08a   4.02.0728    60,176 Ssinc.dll     (Alpha) 
   10/26/99  10:09a   4.02.0728    39,696 Sspifilt.dll  (Alpha)
   10/26/99  10:08a   4.02.0728   383,760 W3svc.dll     (Alpha)
   10/26/99  10:08a   4.02.0728   149,264 Wam.dll       (Alpha)

Microsoft Windows NT Server version 4.0, Terminal Server Edition

To resolve this problem, obtain the Windows NT Server 4.0, Terminal Server Edition, Security Rollup Package (SRP). For additional information about the SRP, click the article number below to view the article in the Microsoft Knowledge Base:

317636 Windows NT Server 4.0, Terminal Server Edition, Security Rollup Package

STATUS

Microsoft has confirmed that this is a problem in Internet Information Server 4.0.
Modification Type:MinorLast Reviewed:9/2/2005
Keywords:kbbug kbfix kbgraphxlinkcritical kbSecurity KB244613
©2004 Microsoft Corporation. All rights reserved.