Select your language from the drop down list below and
Read Me First
This update addresses the "Malformed Hit-Highlighting"
security vulnerability in Windows NT® 4.0 computers
running Index Server 2.0, and is discussed in Microsoft
Security Bulletin MS01-025. Download now to prevent a
malicious user from reading files on your Web server.
When you conduct a search using Indexing Server 2.0, the
hit-highlighting function provides search results that
highlight portions of documents that satisfy your search
query. This vulnerability exists because Indexing Server 2.0
doesn't set the correct parameters for hit-highlighting search
requests. If a malicious user provides a specific type of
malformed request, it retrieves files on the server,
regardless of the permissions that have been set by the
By design, the hit-highlighting feature allows the user to
specify the name of the document to be hit-highlighted. The
user should only be able to request documents within the
server's virtual directories; however, if a specific type of
malformed argument is provided, it can be used to request a
file by its physical location on the drive.
For more information about this vulnerability, read
Microsoft Security Bulletin MS01-025.
This update applies to
Windows NT 4.0 computers running Index Server 2.0.
How to download and install
- Select your language from the drop-down list at the top
of the page.
- Click Next.
- Click Download Now.
- Do one of the following:
- To start the installation immediately, click Run
this program from its current location.
- To copy the download to your computer for installation
at a later time, click Save this program to disk.
- Click OK.
How to use
Restart your computer to complete the
How to uninstall
Uninstall is not