Read Me First
This update resolves the "Unchecked Buffer in Index
Server ISAPI Extension Could Enable Web Server
Compromise" security vulnerability in Windows 2000
computers running Internet Information Service (IIS)
5.0, and is discussed in Microsoft Security Bulletin
MS01-033. Download now to prevent a malicious user from
taking control of your Web server.
The Indexing Service ISAPI (Indexing Service
Application Programming Interface) extension, idq.dll
file, which installs as part of Indexing Service in
Windows 2000 has an unchecked buffer (a temporary
data storage area that has a limited capacity) in the
code that handles incoming requests. A specifically
malformed request from a malicious user can cause the
buffer to overflow. Doing so grants the malicious user
Local System privileges, allowing him or her to take
complete control of the Web server. This update
eliminates the vulnerability by ensuring that the ISAPI
extension checks input correctly.
Note Although the functionality provided by
idq.dll supports Indexing Service, idq.dll is installed
with IIS 5.0, and the vulnerability is present only when
IIS 5.0 is running.
For more information about this vulnerability, read
Microsoft Security Bulletin MS01-033.
This update applies to Windows 2000 computers running
How to download and install
- Select your language from the drop-down list at
the top of the page.
- Click Go.
- Click Security Update.
- Do one of the following:
- To start the installation immediately, click
Run this program from its current location.
- To copy the download to your computer for
installation at a later time, click Save this
program to disk.
- Click OK.
How to use
Restart your computer to complete the
How to uninstall
- Click Start, point to Settings, and
then click Control Panel.
- Double-click Add/Remove Programs.
- Select Windows 2000 Hotfix (Pre SP3) [See
Q300972 for more information], and then click
Change/Remove to uninstall.