Microsoft Windows NT Server Home   All Products  |   Support  |   Search  | Home  
  Windows Home Pages  |   Downloads  |   Support  |   Sitemap  |
Enter a search phrase:
Windows NT Server 4.0 | Downloads

Security Update, May 10, 2001

Select your language from the drop down list below and click Next.


Read Me First

This update addresses the "Malformed Hit-Highlighting" security vulnerability in Windows NT® 4.0 computers running Index Server 2.0, and is discussed in Microsoft Security Bulletin MS01-025. Download now to prevent a malicious user from reading files on your Web server.

When you conduct a search using Indexing Server 2.0, the hit-highlighting function provides search results that highlight portions of documents that satisfy your search query. This vulnerability exists because Indexing Server 2.0 doesn't set the correct parameters for hit-highlighting search requests. If a malicious user provides a specific type of malformed request, it retrieves files on the server, regardless of the permissions that have been set by the administrator.

By design, the hit-highlighting feature allows the user to specify the name of the document to be hit-highlighted. The user should only be able to request documents within the server's virtual directories; however, if a specific type of malformed argument is provided, it can be used to request a file by its physical location on the drive.

For more information about this vulnerability, read Microsoft Security Bulletin MS01-025.

System Requirements
This update applies to Windows NT 4.0 computers running Index Server 2.0.

How to download and install

  1. Select your language from the drop-down list at the top of the page.
  2. Click Next.
  3. Click Download Now.
  4. Do one of the following:
    • To start the installation immediately, click Run this program from its current location.
    • To copy the download to your computer for installation at a later time, click Save this program to disk.
  5. Click OK.

How to use
Restart your computer to complete the installation.

How to uninstall
Uninstall is not available.

 Last Updated: Wednesday, June 06, 2001
 © 2001 Microsoft Corporation. All rights reserved. Terms of Use.