Microsoft has released a patch that eliminates a security vulnerability in an optional service that ships with Microsoft Windows NT 4.0 and Windows 2000 Servers. The vulnerability could allow a malicious user to execute hostile code on a remote server that is running the service.
Frequently asked questions regarding this vulnerability and the patch can be found at http://www.microsoft.com/technet/security/bulletin/fq00-094.asp
Affected Software Versions
Microsoft Windows NT 4.0 Server
Microsoft Windows NT 4.0 Server, Enterprise Edition
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
NOTE: The Phone Book Service can only be installed on IIS 4 or IIS 5 servers.
Patch Availability
Microsoft Windows NT 4.0:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=26193
Microsoft Windows 2000:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25531
NOTE: The NT 4.0 fix can be applied to systems running NT 4.0 Service Pack 6a. This fix will be included in NT 4.0 Service Pack 7. The Windows 2000 fix can be applied to Windows 2000 Gold or Service Pack 1. This fix will be included in Windows 2000 Service Pack 2.
Frequently asked questions regarding this vulnerability and the patch can be found at http://www.microsoft.com/technet/security/bulletin/fq00-094.asp
Affected Software Versions
Microsoft Windows NT 4.0 Server
Microsoft Windows NT 4.0 Server, Enterprise Edition
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
NOTE: The Phone Book Service can only be installed on IIS 4 or IIS 5 servers.
Patch Availability
Microsoft Windows NT 4.0:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=26193
Microsoft Windows 2000:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25531
NOTE: The NT 4.0 fix can be applied to systems running NT 4.0 Service Pack 6a. This fix will be included in NT 4.0 Service Pack 7. The Windows 2000 fix can be applied to Windows 2000 Gold or Service Pack 1. This fix will be included in Windows 2000 Service Pack 2.