We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 7.0 running on Microsoft Windows Server 2008. IIS 7.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:
For more information about IIS 7.0, visit the following Microsoft Web site:
Under certain circumstances, the Windows 2000 post-Service
Pack 1 (SP1) catalog file (Sp2.cat) that is included with Windows 2000 post-SP1
hotfixes may be incorrectly versioned. All Windows 2000 post-SP1 hotfixes that
had this problem have been repackaged to include an updated Sp2.cat
file.
If multiple Windows 2000 post-SP1 hotfixes are installed on
your computer and one hotfix has this Sp2.cat versioning issue, your computer
may be affected. Depending on the order in which the hotfixes were installed, a
newer hotfixed Sp2.cat file may be replaced by an older version.
This
problem occurs only with English-language hotfixes.
To resolve this problem, obtain the latest service pack for Windows 2000. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
260910
(http://support.microsoft.com/kb/260910/
)
How to obtain the latest Windows
2000 service pack
The resolution to this problem is a two-step
process. In step 1, you install a tool that can help you verify if your
computer is affected by this problem. In step 2, you install an updated Windows
2000 post-SP1 catalog file that protects your computer from this
problem.
- Microsoft has released a tool that can help you verify if
your computer is affected by this problem. This tool checks all Windows 2000
hotfixes that are installed on your computer to determine if any of your
current hotfixes are affected.
For more information about this tool and how to install it, click the following article number to view the article in the Microsoft Knowledge Base:
282784
(http://support.microsoft.com/kb/282784/
)
Qfecheck.exe verifies the installation of Windows 2000 and Windows XP hotfixes
- Install the updated Windows 2000 post-SP1 catalog file.
- Windows 2000 SP1 includes an update that allows .cat
files to be dynamically read when they are installed; therefore, you do not
need to restart your computer after applying this package.
If you are
running Windows 2000 SP1, download the following file: - Windows 2000-based computers without SP1 read catalog
information when the system is started. After you apply this package you are
prompted to restart your computer.
If you are not running Windows
2000 SP1, download the following file:
For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591
(http://support.microsoft.com/kb/119591/
)
How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.
The English-language version of this fix should have the
following file attributes or later:
Date Time Size File name
--------------------------------------
12/14/2000 05:11a 626,702 Sp2.cat
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section. This problem was first corrected in Windows 2000 Service Pack 2.
Every Microsoft hotfix for Windows 2000 contains a catalog
file. This catalog file contains the information that is used by the Windows
File Protection feature to verify the files in the hotfix package. For Windows
2000 post-SP1 hotfixes, the file is named Sp2.cat.
For more information about the Windows File Protection feature, click the following article number to view the article in the Microsoft Knowledge Base:
222193
(http://support.microsoft.com/kb/222193/
)
Description of the Windows 2000 Windows File Protection feature
Hotfix catalog files are cumulative. The latest
hotfix file contains information for all hotfixes that were created before it.
This allows one version of the file to be installed while earlier hotfixed
files continue to be valid.
This problem affects the following Microsoft Security
Bulletin fixes that are referenced on the following Microsoft Web site:
- Security bulletin:
MS00-036
(http://www.microsoft.com/technet/security/bulletin/ms00-036.mspx)
Microsoft Knowledge Base article:262694
(http://support.microsoft.com/kb/262694/
)
Malicious user can shut down computer browser service
- Security bulletin:
MS00-044
(http://www.microsoft.com/technet/security/bulletin/MS00-044.mspx)
Microsoft Knowledge Base article:267559
(http://support.microsoft.com/kb/267559/
)
GET on HTR file can cause a "denial of service" or enable directory browsing
- Security bulletin:
MS00-047
(http://www.microsoft.com/technet/security/bulletin/MS00-047.mspx)
Microsoft Knowledge Base article:269239
(http://support.microsoft.com/kb/269239/
)
NetBIOS vulnerability may cause duplicate name on the network conflicts
- Security bulletin:
MS00-050
(http://www.microsoft.com/technet/security/bulletin/MS00-050.mspx)
Microsoft Knowledge Base article:267843
(http://support.microsoft.com/kb/267843/
)
Windows 2000 Telnet Server stops responding after binary input
- Security bulletin:
MS00-052
(http://www.microsoft.com/technet/security/bulletin/MS00-052.mspx)
Microsoft Knowledge Base article:269049
(http://support.microsoft.com/kb/269049/
)
Registry-invoked programs use standard search path
- Security bulletin:
MS00-053
(http://www.microsoft.com/technet/security/bulletin/MS00-053.mspx)
Microsoft Knowledge Base article:269523
(http://support.microsoft.com/kb/269523/
)
Service Control Manager named pipe impersonization vulnerability
- Security bulletin:
MS00-057
(http://www.microsoft.com/technet/security/bulletin/MS00-057.mspx)
Microsoft Knowledge Base article:269862
(http://support.microsoft.com/kb/269862/
)
Patch released for canonicalization error issue
- Security bulletin:
MS00-058
(http://www.microsoft.com/technet/security/bulletin/MS00-058.mspx)
Microsoft Knowledge Base article:256888
(http://support.microsoft.com/kb/256888/
)
Internet Information Service may return source of active server pages file
- Security bulletin:
MS00-065
(http://www.microsoft.com/technet/security/bulletin/MS00-065.mspx)
Microsoft Knowledge Base article:272736
(http://support.microsoft.com/kb/272736/
)
Windows 2000 Still Image service exposes user elevation vulnerability
- Security bulletin:
MS00-066
(http://www.microsoft.com/technet/security/bulletin/MS00-066.mspx)
Microsoft Knowledge Base article:272303
(http://support.microsoft.com/kb/272303/
)
RPC Server service stops responding
- Security bulletin:
MS00-067
(http://www.microsoft.com/technet/security/bulletin/MS00-067.mspx)
Microsoft Knowledge Base article:272743
(http://support.microsoft.com/kb/272743/
)
HTML e-mail link transmits user name and password to unauthorized server
- Security bulletin:
MS00-069
(http://www.microsoft.com/technet/security/bulletin/MS00-069.mspx)
Microsoft Knowledge Base article:270676
(http://support.microsoft.com/kb/270676/
)
Users might gain full control of a system via the "simplified Chinese IME state recognition" vulnerability
- Security bulletin:
MS00-070
(http://www.microsoft.com/technet/security/bulletin/MS00-070.mspx)
Microsoft Knowledge Base article:266433
(http://support.microsoft.com/kb/266433/
)
Patch for numerous vulnerabilities in the LPC port system calls
- Security bulletin:
MS00-077
(http://www.microsoft.com/technet/security/bulletin/MS00-077.mspx)
Microsoft Knowledge Base article:273854
(http://support.microsoft.com/kb/273854/
)
Denial of service can occur with Microsoft NetMeeting
- Security bulletin:
MS00-080
(http://www.microsoft.com/technet/security/bulletin/MS00-080.mspx)
Microsoft Knowledge Base article:274149
(http://support.microsoft.com/kb/274149/
)
Cookies are not marked as SSL-secured in IIS
- Security bulletin:
MS00-083
(http://www.microsoft.com/technet/security/bulletin/MS00-083.mspx)
Microsoft Knowledge Base article:274835
(http://support.microsoft.com/kb/274835/
)
Buffer overflow in Network Monitor may cause vulnerability
- Security bulletin:
MS00-084
(http://www.microsoft.com/technet/security/bulletin/MS00-084.mspx)
Microsoft Knowledge Base article:278499
(http://support.microsoft.com/kb/278499/
)
Update available for indexing service availability
- Security bulletin:
MS00-085
(http://www.microsoft.com/technet/security/bulletin/MS00-085.mspx)
Microsoft Knowledge Base article:278511
(http://support.microsoft.com/kb/278511/
)
Patch available for ActiveX parameter validation vulnerability
- Security bulletin:
MS00-086
(http://www.microsoft.com/technet/security/bulletin/MS00-086.mspx)
Microsoft Knowledge Base article:277873
(http://support.microsoft.com/kb/277873/
)
Patch for "Web server file request parsing" vulnerability
- Security bulletin:
MS00-089
(http://www.microsoft.com/technet/security/bulletin/MS00-089.mspx)
Microsoft Knowledge Base article:274372
(http://support.microsoft.com/kb/274372/
)
Patch released for "domain account lockout" vulnerability
Article ID: 281767 - Last Review: July 28, 2008 - Revision: 8.2
APPLIES TO
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Professional SP1
| kbhotfixserver kbqfe kbbug kbfix kbgraphxlinkcritical kbsetup kbwin2000presp2fix KB281767 |
Back to the top
