This update resolves the "Unchecked Buffer in ISAPI Extension Could Enable Compromise of IIS 5.0 Server" security vulnerability in Windows 2000 and is discussed in Microsoft Security Bulletin MS01-023. Download now to prevent a malicious user from taking control of your Web server.
The Internet Printing ISAPI (Internet Services Application Programming Interface) extension for Windows 2000 has an unchecked buffer (a temporary data storage area that has a limited capacity) in the code that processes users' print requests. A specifically malformed request from a malicious user can cause the buffer to overflow. Doing so grants the malicious user Local System privileges, allowing him to take complete control of the Web server. This update eliminates the vulnerability by ensuring that the ISAPI extension checks input correctly.
Note Although the affected component is not part of Internet Information Services (IIS) 5.0, the vulnerability is present only when IIS 5.0 is running.