Critical Patches

Here you will find some useful patches for Windows 2000.  If you know of any patches that might belong in this section please email us with the details.

Current
Included With Service Pack 3
Included With 2002 Security Rollup
Included With Service Pack 2
Included With Service Pack 1

Current:

810649: Critical Update
This update contains several fixes to Windows components to better support default Web browsers other than Internet Explorer, as described in Microsoft Knowledge Base (KB) Article 810649. Download now to improve the interaction of certain Windows components with default web browsers other than Internet Explorer.

Q329170: Security Update
A security vulnerability has been identified that could allow an attacker to disrupt a facility by which security settings are applied to Windows-based computers in a corporate network. This could allow the attacker to loosen settings on his or her own computer or impose tighter ones on someone else's. Network administrators can help eliminate this issue by installing this update.

Windows 2000 Security Patch: Microsoft Virtual Machine Security Update
This update resolves vulnerabilities in Microsoft virtual machine (Microsoft VM).

Q329115: Security Update
This update resolves the "Certificate Validation Flaw Could Enable Identity Spoofing" vulnerability in Windows 2000. Download now to help prevent an attacker from attempting identity spoofing using certificates.

Q323255: Security Update
This update resolves the "Unchecked buffer in HTML Help can lead to Code Execution" security vulnerability in Windows 2000. Download now to help prevent a malicious user from running an unauthorized program on your computer.

Q323172: Security Update
This update resolves the "Flaw in Digital Certificate Enrollment Component Allows Certificate Deletion" security vulnerability in Windows 2000. Download now to help stop a Web site or HTML e-mail from deleting digital certificates on your computer and preventing you from using the services they are associated with.

Q326830: Security Update
This update resolves the "Unchecked Buffer in Network Share Provider can lead to Denial of Service" vulnerability in Windows 2000. Download now to help prevent a malicious user from launching a denial of service (DoS) attack on your computer.

Q326886: Security Update
This update resolves the "Flaw in Network Connection Manager" security vulnerability in Windows 2000. Download now to help prevent a malicious user from gaining elevated privileges through the Network Connection Manager, and then running code of his or her choice on your computer.

Included in Service Pack 3(Service Pack 3 Also Includes All Fixes from SP 1 & 2):

Q311967: Security Update
This update resolves the "Unchecked buffer in the Multiple UNC Provider" security vulnerability in Windows 2000, and is discussed in Microsoft Security Bulletin MS02-017. Download now to help prevent a malicious user from exploiting a buffer overflow vulnerability to either cause your computer to restart or to run unauthorized programs on your computer.

Security Update, February 12, 2002
This update resolves the "Unchecked Buffer in SNMP Service Could Enable Arbitrary Code to be Run" security vulnerability in Windows 2000, and is discussed in Microsoft Security Bulletin MS02-006. Download now to help prevent a malicious user from running code of his or her choice or launching a denial of service (DoS) attack on your computer.

Security Update, August 17, 2001
This cumulative security update includes every update released for Internet Information Server (IIS) 5.0, and is discussed in Microsoft Security Bulletin MS01-044. Download now to keep IIS 5.0 updated with the latest security fixes.

Q319733: Internet Information Services Security Roll-up Package
This update addresses several newly discovered security vulnerabilities affecting Internet Information Services (IIS) 5.0, as well as incorporating all previous updates for IIS. This update is discussed in Microsoft Security Bulletin MS02-018.

Q318138: Security Update
This update resolves the "Unchecked Buffer in Remote Access Service Phonebook Could Lead to Code Execution" security vulnerability in Windows 2000. This vulnerability is the result of an unchecked buffer in the Remote Access Service (RAS) Phonebook. Download now to eliminate this vulnerability by instituting proper input checking on the RAS phonebook entries.

Q318593: Security Update (Windows 2000 Domain Controller)
This update resolves the "Opening Group Policy Files for Exclusive Read Access Blocks Policy Application" issue affecting Windows 2000 domain controllers, and is discussed in Microsoft Security Bulletin MS02-016. Download now to prevent an attacker from blocking the application of Group Policy within a Windows 2000 domain.

Security Update, March 7, 2002
This update resolves the "Unchecked Buffer in Windows Shell Could Lead to Code Execution" security vulnerability in Windows 2000, and is discussed in Microsoft Security Bulletin MS02-014. Download now to help prevent a malicious user from running programs on your computer.

Security Update, February 7, 2002
This update resolves the "Unchecked Buffer in Telnet Server Can Lead to Arbitrary Code Execution" security vulnerability in Windows 2000 and Interix 2.2, and is discussed in Microsoft Security Bulletin MS02-004. Download now to help prevent a malicious user from causing your Telnet server session to fail, or from running unauthorized code on your computer.

Included in 2002 Security Rollup:

Security Update, October 18, 2001
This update eliminates the "Invalid RDP Data can Cause Terminal Service Failure" vulnerability in computers running Windows 2000, and is discussed in Microsoft Security Bulletin MS01-052. Download now to help prevent a malicious user from causing your server to fail.

Security Update, August 23, 2001
This update resolves a denial of service vulnerability in Windows 2000 computers running the Network News Transfer Protocol (NNTP) service, and is discussed in Microsoft Security Bulletin MS01-043. Download now help prevent a malicious user from disrupting the operation of your server.

Security Update, June 18, 2001
This update resolves the "Unchecked Buffer in Index Server ISAPI Extension Could Enable Web Server Compromise" security vulnerability in Windows 2000 computers running Internet Information Service (IIS) 5.0, and is discussed in Microsoft Security Bulletin MS01-033. Download now help prevent a malicious user from taking control of your Web server.

Security Update, June 7, 2001
This update addresses the "Predicatable Name Pipes Could Enable Privilege Elevation via Telnet" security vulnerability in the Windows 2000 Telnet service that is discussed in Microsoft Security Bulletin MS01-031. Download now to help prevent a malicious user from launching programs on your computer, gaining access to your network or initiating a denial of service attack against your computer.

Security Update, May 14, 2001
This cumulative update includes all the updates that have been released for Internet Information Service (IIS) 5.0, including three new updates, and is discussed in Microsoft Security Bulletin MS01-026. Download now to update IIS 5.0 with the latest security fixes.

Security Update, May 10, 2001
This update addresses the "Malformed Hit-Highlighting" security vulnerability in Windows 2000 computers running Indexing Service, and is discussed in Microsoft Security Bulletin MS01-025. Download now to help prevent a malicious user from reading files on your Web server.

Security Update, August 19, 2001
This update resolves the "Malformed Data Frame Sent to a Windows 2000 Computer Through an Infrared Port Causes Stop Error" security vulnerability in Windows 2000, and is discussed in Microsoft Security Bulletin MS01-046. Download now to help prevent a malicious user from causing your computer to crash by sending a malformed data frame to your computer's infrared port.

Security Update, July 6, 2001
This update addresses the "Windows 2000 SMTP Mail Relaying" security vulnerability in the Windows 2000 Simple Mail Transfer Protocol (SMTP) service and is discussed in Microsoft Security Bulletin MS01-037. Download now to help prevent malicious users from relaying e-mail messages from your computer.

Security Update, June 26, 2001
This update resolves the "Function Exposed via LDAP over SSL Could Enable Passwords to be Changed " security vulnerability in Windows 2000 Server and Windows 2000 Advanced Server, and is discussed in Microsoft Security Bulletin MS01-036. Download now to help prevent a malicious user from changing another user's domain password.

Security Update, June 22, 2001
This update resolves the "NetMeeting Desktop Sharing" security vulnerability in Windows 2000, and is discussed in Microsoft Security Bulletin MS00-077. Download now to help prevent a malicious user from denying or interrupting NetMeeting® conferencing software services.

Security Update, February 12, 2001
This update resolves the "Malformed Event Record" security vulnerability in Windows 2000, and is discussed in Microsoft Security Bulletin MS01-013. Download now to help prevent a malicious user from running unauthorized code on your computer.

Security Update, February 5, 2001
This update resolves the "Network DDE Agent Request" security vulnerability in Windows 2000, and is discussed in Microsoft Security Bulletin MS01-007. Download now to increase security and help prevent a malicious user from running code to take control of your computer.

Security Update, October 24, 2000
This update resolves the "HyperTerminal Buffer Overflow" security vulnerability in Windows 2000. If you receive and open an HTML e-mail message that contains a particularly malformed Web address (URL), the URL can be used to exploit this vulnerability and run arbitrary code on your computer.

Included in Service Pack 2(Service Pack 2 Also Includes All Fixes from SP 1):

Security Update, May 1, 2001
This update resolves the "Unchecked Buffer in ISAPI Extension Could Enable Compromise of IIS 5.0 Server" security vulnerability in Windows 2000 and is discussed in Microsoft Security Bulletin MS01-023. Download now to help prevent a malicious user from taking control of your Web server.

Security Update, April 2, 2001
This update resolves the "Erroneous VeriSign-Issued Digital Certificates Pose Spoofing Hazard" security vulnerability, and is discussed in Microsoft Security Bulletin MS01-017. Download now to prevent an unauthorized user from running code on your computer by digitally signing programs as "Microsoft Corporation."

Security Update, March 13, 2001
This update resolves the "Malformed WebDAV Request Can Cause IIS to Exhaust CPU Resources" security vulnerability in Internet Information Services (IIS) 5.0, and is discussed in Microsoft Security Bulletin MS01-016. Download now to help prevent a malicious user from temporarily disrupting your Web services

Security Update, February 23, 2001
This update resolves the "Malformed URL can cause Service Failure in IIS 5.0 and Exchange 2000" security vulnerability in Internet Information Server (IIS) 5.0 and Exchange 2000, and is discussed in Microsoft Security Bulletin MS01-014. Download now to help prevent a malicious user from causing IIS 5.0 to fail.

Security Update, February 1, 2001
This update resolves the "Invalid RDP Data" security vulnerability in Windows 2000 terminal servers, and is discussed in Microsoft Security Bulletin MS01-006. Download now to prevent a malicious user from sending a specific series of data packets to your server, causing it to fail. *Included in SP2

Security Update, January 30, 2001
This update resolves the "VM File Reading" security vulnerability in the Microsoft virtual machine (Microsoft VM). Download now to prevent a malicious Web site operator from reading the files on your computer or viewing the Web content inside your intranet. *Included in SP2

Security Update, January 16, 2001
This update resolves the "Web Client NTLM Authentication" security vulnerability in Windows 2000 and Office 2000. Under specific conditions, this vulnerability allows a malicious Web site operator to obtain the cryptographically protected logon credentials of a visiting user because the security settings for the Web Extender Client (WEC) are set to incorrect levels, which allows your computer to send information about your authentication credentials to remote Web applications. Download now to ensure that your WEC components are set to the recommended Internet Explorer security levels, to prevent a malicious Web site operator from capturing your logon credentials. *Included in SP2

Security Update, January 5, 2001
This update resolves the "Malformed Web Form Submission" security vulnerability in FrontPage Server Extensions (FPSE) that ship as part of Internet Information Services (IIS) 5.0. FPSE is a set of programs that run on an IIS Web server, and administrators can use FPSE to manage and develop content for a Web site. The component of FPSE that provides support for the processing of Web forms may process malformed submissions incorrectly. If a malicious user creates a specially malformed Web form and submits it to an affected server, the IIS service could fail. If this occurs, the IIS service automatically restarts, but any Web sessions that are in progress at the time of an attack are lost. Download now to prevent a malicious user from disrupting the operation of your Web server. *Included in SP2

Security Update, December 20, 2000
This update resolves the "Indexing Service File Enumeration" vulnerability in Indexing Service 3.0. An ActiveX control that is shipped with Indexing Service is incorrectly marked as "safe for scripting." The control makes it possible for Web applications and other programs to list the names of files and folders on a Windows 2000 computer. Because this control is marked "safe for scripting," a malicious Web site operator could use the control to gather the names and properties of files and folders on an affected visiting user's computer. Download now to prevent a malicious Web site operator from gathering information about your files and folders. *Included in SP2

Security Update, December 7, 2000
This update resolves the "Phone Book Service Buffer Overflow" security vulnerability in Windows 2000. The Phone Book Service that runs on Internet Information Services (IIS) 5.0 has an unchecked buffer (a temporary data storage area) in the code that processes requests for phone book updates. A specifically malformed HTTP request from a malicious user can cause a buffer overflow in the Phone Book Service, which might allow the malicious user to run unauthorized code on the server, or cause the service to fail. Download now to prevent a malicious user from running code to add, change, or delete data on your Web server. *Included in SP2

Security Update, November 27, 2000
This update resolves the "Domain Account Lockout" security vulnerability in Windows 2000. Under very specific conditions, a malicious user can try repeatedly to guess an account password, even if the domain administrator has set the Account Lockout Policy to disable the account after a specified number of attempts to access it. Download now to ensure the Account Lockout Policy helps prevent unauthorized access to the computers in your network. *Included in SP2

Security Update, November 10, 2000
This update resolves the "Web Server File Request Parsing" security vulnerability in Internet Information Services (IIS) 5.0. When a Web server that is running IIS receives a request for a file, it passes the name of the file to the operating system for processing. If a malicious user combines a request for a .cmd or .bat file with operating system commands in a particular way, IIS improperly passes both the file request and the commands to the operating system. This could allow the malicious user to run commands directly on the Web server. Download now to prevent a malicious user from modifying Web pages, adding, changing, or deleting files by sending malformed file requests. Note This update has been revised as of November 20, 2000. Microsoft recommends that you install this version of the update. *Included in SP2

Security Update, November 5, 2000
This update resolves the "Indexing Services Cross Site Scripting" vulnerability in Indexing Services for Windows 2000. The Indexing Services is a search engine that is integrated with Internet Information Services 5.0 (IIS 5.0) and Windows 2000 that allows browsers to perform full-text searches of Web sites. Indexing Services does not properly validate all search inputs before processing them, and is consequently vulnerable to Cross-Site Scripting (CSS). CSS allows a malicious user to "inject" code into another person's Web session. If a malicious user is successful in exploiting this vulnerability, a Web site hosted by your server can be used to run code on a visting user's browser each time it returns to your Web site. Download now to prevent a malicious user from introducing code on your Web server, and returning it as a Web page to a visiting browser. *Included in SP2  

Security Update, November 3, 2000
This update resolves the "NetMon Protocol Parsing" security vulnerability in Windows 2000 and Systems Management Server (SMS). Network Monitor (NetMon) is an administrative tool that is used to monitor network traffic. If malformed data is sent over a network that an administrator is monitoring, it could overrun the buffer (a temporary data storage area on your computer) and either cause the NetMon to fail, or cause code of the sender?s choice to run on the computer that is under the administrator's control. Download now to prevent a malicious user from causing your computer's buffer to overflow. *Included in SP2  

Security Update, October 27, 2000
This update resolves the "Session ID Cookie Marking" security vulnerability in Internet Information Services (IIS) 5.0. When using .asp files, IIS cannot differentiate between secure and non-secure Session ID cookies (small data files that identify you to a Web site as you move around within that site). This update enables .asp files to mark Session ID cookies as "secure." Download now to prevent a malicious user from connecting to the Web page you are viewing, assuming your identity, and placing orders or viewing your personal information. Note This update has been revised as of November 20, 2000. Microsoft recommends that you install this version of the update. *Included in SP2

Security Update, October 17, 2000
This update resolves the "NetMeeting Desktop Sharing" security vulnerability in Windows NT® 4.0 and Windows 2000. When Remote Desktop Sharing is enabled, NetMeeting does not handle a particular kind of malformed input string correctly, when it is sent from a client. If an affected computer received such data, it could temporarily cause the NetMeeting application to stop responding and temporarily drive CPU utilization to 100 percent, resulting in the loss of any session that was in progress at the time. Download now to prevent a malicious user from denying or interrupting NetMeeting services. *Included in SP2

Security Update, October 7, 2000
This update resolves the "Multiple LPC and LPC Ports" security vulnerability in Windows 2000 and Windows NT® 4.0. Local Procedure Call (LPC) is a message-passing service provided by Windows NT 4.0 and Windows 2000. LPC ports are channels within LPC that allow threads (a series of messages that have been posted as replies to each other) within a communication process to coordinate LPC requests. Windows 2000 and Windows NT 4.0 are unable to handle unexpected LPCs properly. If a malicious user makes process requests in an invalid order, or uses invalid parameters, it could cause your computer to fail or permit a malicious user to impersonate your privileges and eavesdrop. Download now to prevent a malicious user from causing your computer to fail, impersonating your privileges, or causing the client or server to fail by posing as the client or server and sending random data. *Included in SP2

Security Update, October 6, 2000
This update resolves the "Simplified Chinese IME State Recognition" security vulnerability in Windows 2000. The Input Method Editor (IME) for Simplified Chinese inappropriately exposes functionality when it is used as part of a computer's logon screen. Download now to prevent a malicious user from exploiting the logon screen for Simplified Chinese IME to run code, add users to the computer, install or remove system components, add or remove software and compromise data. *Included in SP2

Security Update, September 16, 2000
This update resolves the "Windows 2000 Telnet Client NTLM Authentication" security vulnerability in Windows 2000. NT LanMan (NTLM) is an authentication process that is used to prove a client?s identity on a network. Windows 2000 includes a Telnet client that is capable of using NTLM authentication when it connects to a remote NTLM-enabled Telnet server. A malicious user who operates a Telnet server could initiate a session with another computer and collect the computer's NTLM authentication credentials. These credentials could be subjected to an offline attack to discover the user?s clear-text password. Download now to prevent a malicious user from acquiring your authentication credentials. *Included in SP2

Security Update, September 10, 2000
This update resolves the "Malformed RPC Packet" security vulnerability in Windows 2000. In order to exploit this vulnerability, a malicious Remote Procedure Call (RPC) client would have to send a malformed RPC packet to a Windows 2000 server. On receiving the malformed RPC packet, the server stops responding to client requests. Download this update to prevent a malicious user from launching a Denial of Service attack via the RPC client. *Included in SP2

Security Update, September 9, 2000
This update resolves the "Still Image Service Privilege Escalation" security vulnerability in Windows 2000. The Still Image Service is automatically installed when a still image device (such as a digital camera or scanner) is attached to the Windows 2000 host. There is an unchecked buffer in the Still Image Service that may allow a malicious program to obtain LocalSystem privileges. Download now to prevent a malicious user from logging on to a Windows 2000 computer interactively and running a program that could enable the malicious user to obtain administrative privileges on the host.*Included in SP2

Security Update, September 2, 2000
This update resolves the "Local Security Policy Corruption" security vulnerability in Windows 2000. Download now to prevent a malicious user from corrupting parts of your computer's local security policy and disabling your network access. If a malicious user has logon access to a network computer and corrupts its network security policy, that computer will no longer be able to log onto a domain, request files from a file server, or share files with other computers. If the affected computer is a domain controller, exploiting this vulnerability can disrupt all network operations. (Fix Included with SP1)

Security Update, August 21, 2000
This update resolves the "Service Control Manager Named Pipe Impersonation" security vulnerability in Windows 2000. The Service Control Manager (SCM) is an administrative tool provided in Windows 2000 that allows system services like Server, Workstation, Alerter, ClipBook, and others to be created or modified. The SCM creates a named pipe for each service as it starts. Download now to prevent a malicious user from creating or predicting pipes that allow impersonation of your specific user or LocalSystem privileges. *Included in SP2

Security Update, August 19, 2000
This update resolves the "Telnet Server Flooding" security vulnerability in Microsoft Windows 2000. Download now to prevent a malicious user from sending invalid input information to your Telnet Server. Although the Telnet service is provided as part of Windows 2000, the service is not enabled by default, and users who have not enabled it are not at risk. *Included in SP2

Security Update, August 17, 2000
This update resolves the "Relative Shell Path" security vulnerability in Microsoft Windows 2000. Install this update to prevent malicious users from substituting the code of their choice for the file Explore.exe, which creates the Windows desktop you interact with on your computer. If the Explorer.exe code has been replaced with substituted code, it persists for every subsequent user that logs on to your computer. A malicious user would have to be able to log on to your computer at the keyboard to exploit this vulnerability *Included in SP2

Security Update, August 15, 2000
This update resolves the "File Permission Canonicalization" security vulnerability in Internet Information Services (IIS). Download now to prevent a malicious user from gaining permission to use Internet Server Application Programming Interface (ISAPI) files hosted on a Web server. *Included in SP2

Included in Service Pack 1:

Security Update, August 23, 2000
This update resolves the "Specialized Header" vulnerability in Internet Information Services (IIS) 5.0, which ships with Windows 2000. Download now to help prevent a malicious user from exploiting this vulnerability and causing your Web server to send the source code of .asp or .htr files to a visiting browser. Security recommendations advise against ever including sensitive information in .asp or .htr files.

Security Update, August 20, 2000
This update resolves the "Protected Store Key Length" security vulnerability in Windows 2000. Download now to help prevent a malicious user from compromising sensitive information on your computer. An attacker must have complete administrative control over your computer in order to exploit this vulnerability.

Critical Update, July 26, 2000
This update resolves the issue, "Component Object Model Plus (COM+) Process Leaks in Memory due to COM+ Objects not Being Released" in Windows 2000. When custom applications use COM+ objects, they are released properly in Windows NT® but may result in memory leaks when they are released in Windows 2000. These memory leaks may eventually require stopping the program to resolve the issue.

Security Update, July 17, 2000
This update resolves two security vulnerabilities in Internet Information Server (IIS) 5.0 and IIS 4.0, the "Absent Directory Browser Argument" vulnerability and the "File Fragment Reading via .HTR" vulnerability. Installing this update will prevent a malicious user from exploiting these vulnerabilities to slow performance on an affected Web server or, under very specific conditions, obtain the source code of certain types of files on a Web server. The referenced .HTR files are scripts that Windows NT users can employ to change passwords, and that administrators can use to perform a variety of password administration functions. Neither of these vulnerabilities allows data to be changed, added, or deleted on the server, nor do they allow administrative control over the affected computer. *Included in SP1

Critical Update, June 8, 2000
For Windows 2000, Japanese language-version only. This update resolves the "Fixed Font does not Align Properly when using Double-Byte Character Set" issue in the Japanese language-version of Windows 2000. When you use a fixed pitch font, such as MS Gothic or MS Mincho, the fonts may not be aligned properly on your monitor or printer. Note This update has been revised since its original release. Microsoft recommends that all users who are running the Japanese language-version of Windows 2000 install this updated version. *Included in SP1

Security Update, June 6, 2000
This update resolves the "ResetBrowser Frame" and "HostAnnouncement Flooding" security vulnerabilities in Windows 2000 and Windows NT 4.0. Installing this update will prevent a malicious user from denying network users the ability to locate services or other computers on the network. Without this update, the malicious user may also be able to provide inaccurate information to network users. *Included in SP1

Security Update, June 3, 2000
This update resolves the "Malformed Environment Variable" security vulnerability in Windows 2000 and Windows NT 4.0. Installing this update will prevent a malicious user from consuming available memory on an affected server, which can slow down or stop the server's ability to respond. The vulnerability would not allow a malicious user to compromise data on the computer or take over administrative control. *Included in SP1

Security Update, June 1, 2000
This update resolves the "Mixed Object Access" security vulnerability in Windows 2000. Installing this update will prevent a malicious user from modifying information in the Active Directory. This vulnerability can only be exploited under very specific conditions, by a user who already has authority to modify information in the Active Directory. Only Windows 2000 domain controllers are affected by the vulnerability, and Windows 2000 auditing allows administrators to determine who made the change. *Included in SP1

Security Update, May 30, 2000
This update resolves two security vulnerabilities in Internet Information Server (IIS) 5.0 and IIS 4.0, the "Undelimited .HTR Request" vulnerability and the "File Fragment Reading via .HTR" vulnerability. Installing this update will prevent a malicious user from exploiting these vulnerabilities to slow performance on an affected Web server or, under very specific conditions, obtain the source code of certain types of files on a Web server. The referenced .HTR files are scripts that Windows NT users can employ to change passwords, and that administrators can use to perform a variety of password administration functions. Neither of these vulnerabilities allows data to be changed, added, or deleted on the server, nor do they allow administrative control over the affected computer. *Included in SP1

Security Update, May 26, 2000
This update resolves the "Malformed Extension Data in URL" security vulnerability in Internet Information Server (IIS) 5.0 and IIS 4.0. Installing this update will prevent a malicious user from slowing or temporarily stopping performance on your Web server. If the URL used by a malicious user to request a file on your Web server contained malformed file extension data, the server could become unresponsive. The vulnerability does not cause the server to fail, nor does it allow a malicious user to compromise data on the computer or to take administrative control over it. *Included in SP1

Security Update, May 19, 2000
This update resolves the "IP Fragment Reassembly" security vulnerability in Windows 2000. Installing this update will minimize the negative effects that fragmented Internet Protocol (IP) datagrams could have on your computer's central processing unit (CPU). IP datagrams are a necessary part of network and Internet communication. If a continuous stream of fragmented IP datagrams with a particular malformation were sent to an affected computer, it could be made to devote most or all of its CPU availability to processing these fragments. The vulnerability would not allow a malicious user to compromise data on the computer or usurp administrative control over it. *Included in SP1

Security Update, April 18, 2000
This update eliminates the "Myriad Escaped Characters" security vulnerability found in Microsoft Internet Information Server (IIS). Installing this update will prevent a malicious user from adversely affecting a Web server's response time. The update also eliminates a vulnerability that could reveal certain information about the Web server to unauthorized users. *Included in SP1

Security Update, April 17, 2000
This update eliminates the "Malformed TCP/IP Print Request" vulnerability found in the TCP/IP Printing Services for Windows NT 4.0 and Windows 2000 (in Windows 2000, the service is referred to as "Print Services for Unix"). This is an optional service used primarily in mixed Windows NT-Unix environments, and is not installed by default. Installing this update will prevent a malicious user from disrupting printing services on a network that has installed TCP/IP Printing Services. The native Windows NT and Windows 2000 printing service is not affected by this vulnerability. *Included in SP1

Security Update, April 14, 2000
This update eliminates the "Virtualized UNC Share" security vulnerability found in Microsoft Internet Information Server (IIS) and some of its related software. Installing this update will prevent the source code of certain types of files to be sent from a Web server to a visiting user's browser. The vulnerability does not enable unauthorized users to change files or take administrative action on the Web server. *Included in SP1

Critical Update, March 21, 2000
Windows 2000 Encryption Protection Update. Microsoft has discovered an issue regarding 128-bit versions of Internet Explorer 5.0 customized by the Internet Explorer Administration Kit (IEAK) 5.0. After installing customized Internet Explorer 5.0, users of Windows 2000 will be unable to login. Microsoft has already prepared a protective update to download. Please review your specific situation to determine if you require protection from the scenario described in the Read Me First page. Please accept our apology for any inconvenience resulting from this issue. *Included in SP1

Windows 2000 Critical Update, February 17, 2000
Bring your computer up-to-date with the latest updates for the Windows 2000 operating system.  *Included in SP1

• "Year is Reported Incorrectly on a Non-Gregorian Calendar."
  This update resolves a VBScripting problem where the year is reported incorrectly when using the Wareki or Taiwan date calendar. This problem does not occur if using the Gregorian calendar. This is not a Year 2000 problem, as it affects all dates. For more information on this issue, please visit Microsoft Knowledge Base (KB) Article Q253342.
• "Corrupt Files Generated When Saving as .htm To HTTP Server From Word."
  This update resolves a potential data-corruption problem that can occur when saving files as .htm to an http server from Office 2000 programs, including Word and Excel. For more information on this issue, please visit Microsoft KB Article Q252633.
• "Malformed Hit-Highlighting Argument Security Vulnerability."
  This update resolves a vulnerability that could allow a malicious Web surfer to gain unauthorized access to view files if running Web services and file indexing services. For more information on this vulnerability, please visit Microsoft Security Bulletin MS00-006.

Security Update for Microsoft Virtual Machine (VM)
Download the latest update for the Microsoft VM. Installing this update will resolve the "VM File Reading" security vulnerability in the current Microsoft VM and will upgrade you to the most recent version available.
*Included in SP1

These different patch information, downloads and links were obtained from the Microsoft Windows 2000 website at http://www.microsoft.com/windows2000 and are linked from ActiveWin.com for your convenience. For the most accurate information please visit the official site. 

Return To The Windows 2000 Section