
Security Update, June 18, 2001

Posted: June 18, 2001

Read Me First

This update resolves the "Unchecked Buffer in Index Server ISAPI Extension Could Enable Web Server Compromise" security vulnerability on Windows 2000 computers running Internet Information Services (IIS) 5.0. The vulnerability is discussed in Microsoft Security Bulletin MS01-033. Download now to prevent a malicious user from taking control of your Web server.

The Indexing Service ISAPI (Indexing Service Application Programming Interface) extension, the idq.dll file, which installs as part of Indexing Service in Windows 2000, has an unchecked buffer (a temporary data storage area that has a limited capacity) in the code that handles incoming requests. A specifically malformed request from a malicious user can cause the buffer to overflow. The overflow grants the malicious user Local System privileges, allowing him or her to take complete control of the Web server. This update eliminates the vulnerability by ensuring that the ISAPI extension checks input correctly.

Note: Although the functionality provided by idq.dll supports Indexing Service, idq.dll is installed with IIS 5.0, and the vulnerability is present only when IIS 5.0 is running.

For more information about this vulnerability, read Microsoft Security Bulletin MS01-033.

System Requirements

This update applies to Windows 2000 computers running Indexing Service.

How to download and install

  1. Select your language from the drop-down list at the top of the page.
  2. Click Go.
  3. Click Security Update.
  4. Do one of the following:
    • To start the installation immediately, click Run this program from its current location.
    • To copy the download to your computer for installation at a later time, click Save this program to disk.
  5. Click OK.

How to use

Restart your computer to complete the installation.

How to uninstall

  1. Click Start, point to Settings, and then click Control Panel.
  2. Double-click Add/Remove Programs.
  3. Select Windows 2000 Hotfix (Pre SP3) [See Q300972 for more information], and then click Change/Remove to uninstall.

© 2001 Microsoft Corporation. All rights reserved.