Severity Rating: Important
Revision Note: V1.1 (December 19, 2014): V1.1 (December 19, 2014): Bulletin revised to include Windows 2012 Server Core installation and Windows 2012 R2 Server Core installation as affected software.
Summary: This security update resolves a privately reported vulnerability in Internet Microsoft Information Services (IIS) that could lead to a bypass of the "IP and domain restrictions" security feature. Successful exploitation of this vulnerability could result in clients from restricted or blocked domains having access to restricted web resources.

More...