Microsoft posts patch for security vulnerability in Win 2000 server component

Microsoft posts patch for security vulnerability in Win 2000 server component

By Michael Cheek

GCN Staff

MARCH 1-In its first security bulletin for Windows 2000, Microsoft Corp. has warned of a vulnerability that could allow hackers to see server system logs and data files.

Microsoft posted software to patch the vulnerability within the Indexing Service of Win 2000 Server and Win 2000 Advanced Server. Without the patch, attackers could view the contents of some files on the same logical drive as the operating system's root directory. The files cannot be changed or deleted, and new files cannot be added.

Hackers can access the files only if the user has enabled the Indexing Service. Upon installation or when the OS comes preinstalled on a new system, the Indexing Service is turned off by default, making the systems safe from attack.

The patch, available at www.microsoft.com/security, fixes a similar weakness in Index Server 2.0 in Windows NT 4.0 Server.

Under NT 4.0's Index Server, the weakness gives attackers a way to see where Web files reside on a server, but does not allow reading or modifying of the files. If the patch is applied to NT 4.0 and a server is upgraded to Win 2000, an administrator needs to re-apply the patch.

For more technical detail, read the security bulletin at www.microsoft.com/technet/security/bulletin/ms00-006.asp.

More than 100,000 users who subscribe to the Microsoft security notification service received an alert about the vulnerability. To sign up for the free service, send a blank e-mail to [email protected].

This vulnerability does not exist in Win 2000 Professional or NT 4.0 Workstation, the client versions of the OSes. The official launch for all versions of Win 2000 is Feb. 17. PC makers already have begun installing the OS, and many sites are using beta-test version of the software.

Featured

  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/Shutterstock.com)

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected