Read Me First
This update resolves the "Unchecked Buffer in Index Server ISAPI Extension Could Enable Web Server
Compromise" security vulnerability in Windows 2000 computers running Internet Information Service (IIS) 5.0, and is discussed in Microsoft Security Bulletin MS01-033. Download now to prevent a malicious user from taking control of your Web server.
The Indexing Service ISAPI (Indexing Service Application Programming Interface) extension, idq.dll file, which installs as part of Indexing Service in Windows 2000 has an unchecked buffer (a temporary data storage area that has a limited capacity) in the code that handles incoming requests. A specifically malformed request from a malicious user can cause the buffer to overflow. Doing so grants the malicious user Local System privileges, allowing him or her to take complete control of the Web server. This update eliminates the vulnerability by ensuring that the ISAPI extension checks input correctly.
Note Although the functionality provided by idq.dll supports Indexing Service, idq.dll is installed with IIS 5.0, and the vulnerability is present only when IIS 5.0 is running.
For more information about this vulnerability, read Microsoft Security
Bulletin MS01-033.
System Requirements
This update applies to Windows 2000 computers running Indexing Service.
How to download and install
- Select your language from the drop-down list at the top of the page.
- Click Go.
- Click Security Update.
- Do one of the following:
- To start the installation immediately, click Run this program from its current location.
- To copy the download to your computer for installation at a later time, click Save this program to disk.
- Click OK.
How to use
Restart your computer to complete the installation.
How to uninstall
- Click Start, point to Settings, and then click Control Panel.
- Double-click Add/Remove Programs.
- Select Windows 2000 Hotfix (Pre SP3) [See Q300972 for more information], and then click Change/Remove to uninstall.
|
