Microsoft has released a patch that eliminates a security vulnerability in a component that ships as part of Microsoft
Windows 2000. The vulnerability could a malicious web site operator to learn the names and properties of file and folders on the machine of a visiting user.
Frequently asked questions regarding this vulnerability and the patch can be found at http://www.microsoft.com/technet/security/bulletin/fq00-098.asp
Affected Software Versions
Index Server 2.0
Indexing Service 3.0
Note: Index Server 2.0 ships as part of the Windows NT 4.0 Option Pack. Indexing Service 3.0 ships as part of all versions of Windows 2000.
Patch Availability
Indexing Service 3.0:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=26595
Note: As discussed in the FAQ, a patch has not been provided for Index Server 2.0, because this product should only be installed on web servers, which should never be used for browsing the Internet.
Note: This patch can be applied to systems running Windows 2000 Gold or Service Pack 1. It will be included in Windows 2000 Service Pack 3.
Windows 2000. The vulnerability could a malicious web site operator to learn the names and properties of file and folders on the machine of a visiting user.Frequently asked questions regarding this vulnerability and the patch can be found at http://www.microsoft.com/technet/security/bulletin/fq00-098.asp
Affected Software Versions
Index Server 2.0
Indexing Service 3.0
Note: Index Server 2.0 ships as part of the Windows NT 4.0 Option Pack. Indexing Service 3.0 ships as part of all versions of Windows 2000.
Patch Availability
Indexing Service 3.0:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=26595
Note: As discussed in the FAQ, a patch has not been provided for Index Server 2.0, because this product should only be installed on web servers, which should never be used for browsing the Internet.
Note: This patch can be applied to systems running Windows 2000 Gold or Service Pack 1. It will be included in Windows 2000 Service Pack 3.
