Microsoft posts patch for security vulnerability in Win 2000 server component

Microsoft posts patch for security vulnerability in Win 2000 server component

By Michael Cheek

GCN Staff

FEB. 16—In its first security bulletin for Windows 2000, Microsoft Corp. has warned of a vulnerability that could allow hackers to see server system logs and data files.

Microsoft posted software to patch the vulnerability within the Indexing Service of Win 2000 Server and Win 2000 Advanced Server. Without the patch, attackers could view the contents of some files on the same logical drive as the operating system's root directory. The files cannot be changed or deleted, and new files cannot be added.

Hackers can access the files only if the user has enabled the Indexing Service. Upon installation or when the OS comes preinstalled on a new system, the Indexing Service is turned off by default, making the systems safe from attack.

The patch, available at www.microsoft.com/security, fixes a similar weakness in Index Server 2.0 in Windows NT 4.0 Server.

Under NT 4.0's Index Server, the weakness gives attackers a way to see where Web files reside on a server, but does not allow reading or modifying of the files. If the patch is applied to NT 4.0 and a server is upgraded to Win 2000, an administrator needs to re-apply the patch.

For more technical detail, read the security bulletin at www.microsoft.com/technet/security/bulletin/ms00-006.asp.

More than 100,000 users who subscribe to the Microsoft security notification service received an alert about the vulnerability. To sign up for the free service, send a blank e-mail to microsoft_security-subscribe-request@announce.microsoft.com.

This vulnerability does not exist in Win 2000 Professional or NT 4.0 Workstation, the client versions of the OSes. The official launch for all versions of Win 2000 is Feb. 17. PC makers already have begun installing the OS, and many sites are using beta-test version of the software.

inside gcn

  • pollution (Shutterstock.com)

    Machine learning improves contamination monitoring

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group