Microsoft posts patch for security vulnerability in Win 2000 server component

Microsoft posts patch for security vulnerability in Win 2000 server component

By Michael Cheek

GCN Staff

MARCH 1-In its first security bulletin for Windows 2000, Microsoft Corp. has warned of a vulnerability that could allow hackers to see server system logs and data files.

Microsoft posted software to patch the vulnerability within the Indexing Service of Win 2000 Server and Win 2000 Advanced Server. Without the patch, attackers could view the contents of some files on the same logical drive as the operating system's root directory. The files cannot be changed or deleted, and new files cannot be added.

Hackers can access the files only if the user has enabled the Indexing Service. Upon installation or when the OS comes preinstalled on a new system, the Indexing Service is turned off by default, making the systems safe from attack.

The patch, available at, fixes a similar weakness in Index Server 2.0 in Windows NT 4.0 Server.

Under NT 4.0's Index Server, the weakness gives attackers a way to see where Web files reside on a server, but does not allow reading or modifying of the files. If the patch is applied to NT 4.0 and a server is upgraded to Win 2000, an administrator needs to re-apply the patch.

For more technical detail, read the security bulletin at

More than 100,000 users who subscribe to the Microsoft security notification service received an alert about the vulnerability. To sign up for the free service, send a blank e-mail to [email protected].

This vulnerability does not exist in Win 2000 Professional or NT 4.0 Workstation, the client versions of the OSes. The official launch for all versions of Win 2000 is Feb. 17. PC makers already have begun installing the OS, and many sites are using beta-test version of the software.


  • business meeting (Monkey Business Images/

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected