MS09-020 is not categorized as virus, worm, Trojan or backdoor. It is a group of important vulnerabilities in Internet Information Services, which allows local privilege escalation in the vulnerable computer.
The affected components are:
- Internet Information Services 5.0 on Windows 2000.
- Internet Information Services 5.1 on Windows XP.
- Internet Information Services 6.0 on Windows 2003/XP.
If exploited successfully, MS09-020 allows to gain unauthorized privileges on a computer or network. An example of privilege elevation would be an unprivileged user who could manage to be added to the Administrator's group. In such case, the hacker could take complete control of the system: create, modify or delete files, install programs, create new user accounts, etc.
This vulnerability is exploited by running a specially crafted HTTP request to a website that requires authentication.
If you have any of the vulnerable components installed on your computer, it is recommended to download and apply the security patch for this vulnerability. Click here to access the web page for downloading the patch.