Microsoft posts patch for security vulnerability in Win 2000 server component


By Michael Cheek

GCN Staff

MARCH 1 - In its first security bulletin for Windows 2000, Microsoft Corp. has warned of a vulnerability that could allow hackers to see server system logs and data files.

Microsoft posted software to patch the vulnerability within the Indexing Service of Win 2000 Server and Win 2000 Advanced Server. Without the patch, attackers could view the contents of some files on the same logical drive as the operating system's root directory. The files cannot be changed or deleted, and new files cannot be added.

Hackers can access the files only if the user has enabled the Indexing Service. Upon installation or when the OS comes preinstalled on a new system, the Indexing Service is turned off by default, making the systems safe from attack.

The patch, available at, fixes a similar weakness in Index Server 2.0 in Windows NT 4.0 Server.

Under NT 4.0's Index Server, the weakness gives attackers a way to see where Web files reside on a server, but does not allow reading or modifying of the files. If the patch is applied to NT 4.0 and a server is upgraded to Win 2000, an administrator needs to re-apply the patch.

For more technical detail, read the security bulletin at

More than 100,000 users who subscribe to the Microsoft security notification service received an alert about the vulnerability. To sign up for the free service, send a blank e-mail to [email protected].

This vulnerability does not exist in Win 2000 Professional or NT 4.0 Workstation, the client versions of the OSes. The official launch for all versions of Win 2000 is Feb. 17. PC makers already have begun installing the OS, and many sites are using beta-test versions of the software.

