<< Back
CVE Number Vulnerability Product Severity Date
MS14-076 Vulnerability in Internet Information Services (IIS) Could Allow Security Feature Bypass (2982998) Windows 8 Important 12-11-2014

Technical Information

Brief overview of the risk:
This security update resolves a privately reported vulnerability in Microsoft Internet Information Services (IIS) that could lead to a bypass of the “IP and domain restrictions” security feature. Successful exploitation of this vulnerability could result in clients from restricted or blocked domains having access to restricted web resources.

Detailed Information on the risk:

A security feature bypass vulnerability exists in Microsoft Information Services (IIS) that is caused when incoming web requests are not properly compared against the “IP and domain restriction” filtering list.


Further information on this exploit is available at : MS14-076

Windows 8 for 32-bit Systems
Windows 8 for x64-based Systems
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2012
Windows Server 2012 R2

Affected Software

Windows 8 for 32-bit Systems
Windows 8 for x64-based Systems
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2012
Windows Server 2012 R2