
Microsoft has released a patch that eliminates a security vulnerability in a component that ships as part of Microsoft® Windows® 2000. The vulnerability could allow a malicious web site operator to learn the names and properties of files and folders on the machine of a visiting user.

Frequently asked questions regarding this vulnerability and the patch can be found at http://www.microsoft.com/technet/security/bulletin/fq00-098.asp

Affected Software Versions

Index Server 2.0
Indexing Service 3.0

Note: Index Server 2.0 ships as part of the Windows NT 4.0 Option Pack. Indexing Service 3.0 ships as part of all versions of Windows 2000.

Patch Availability

Indexing Service 3.0:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=26595

Note: As discussed in the FAQ, a patch has not been provided for Index Server 2.0, because this product should only be installed on web servers, which should never be used for browsing the Internet.

Note: This patch can be applied to systems running Windows 2000 Gold or Service Pack 1. It will be included in Windows 2000 Service Pack 3.