Microsoft KB Archive/281767

= Updated Sp2.cat available to resolve versioning issues with post Service Pack 1 hotfixes =

Article ID: 281767

Article Last Modified on 1/29/2007

-

APPLIES TO


 * Microsoft Windows 2000 Service Pack 1
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Service Pack 1

-



This article was previously published under Q281767



SYMPTOMS
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx

Under certain circumstances, the Windows 2000 post-Service Pack 1 (SP1) catalog file (Sp2.cat) that is included with Windows 2000 post-SP1 hotfixes may be incorrectly versioned. All Windows 2000 post-SP1 hotfixes that had this problem have been repackaged to include an updated Sp2.cat file.

If multiple Windows 2000 post-SP1 hotfixes are installed on your computer and one hotfix has this Sp2.cat versioning issue, your computer may be affected. Depending on the order in which the hotfixes were installed, a newer hotfixed Sp2.cat file may be replaced by an older version.

This problem occurs only with English-language hotfixes.



RESOLUTION
To resolve this problem, obtain the latest service pack for Windows 2000. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to obtain the latest Windows 2000 service pack

The resolution to this problem is a two-step process. In step 1, you install a tool that can help you verify if your computer is affected by this problem. In step 2, you install an updated Windows 2000 post-SP1 catalog file that protects your computer from this problem.

 Microsoft has released a tool that can help you verify if your computer is affected by this problem. This tool checks all Windows 2000 hotfixes that are installed on your computer to determine if any of your current hotfixes are affected. For more information about this tool and how to install it, click the following article number to view the article in the Microsoft Knowledge Base:

282784 Qfecheck.exe verifies the installation of Windows 2000 and Windows XP hotfixes

 Install the updated Windows 2000 post-SP1 catalog file.  Windows 2000 SP1 includes an update that allows .cat files to be dynamically read when they are installed; therefore, you do not need to restart your computer after applying this package.

If you are running Windows 2000 SP1, download the following file:

Download Q281767_w2k_sp2_x86_en.exe now

 Windows 2000-based computers without SP1 read catalog information when the system is started. After you apply this package you are prompted to restart your computer.

If you are not running Windows 2000 SP1, download the following file:

Download Q285083_w2k_sp2_x86_en.exe now



For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to obtain Microsoft support files from online services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

The English-language version of this fix should have the following file attributes or later:   Date        Time    Size     File name --  12/14/2000  05:11a  626,702  Sp2.cat

<div class="status_section">

STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section. This problem was first corrected in Windows 2000 Service Pack 2.

<div class="moreinformation_section">

MORE INFORMATION
Every Microsoft hotfix for Windows 2000 contains a catalog file. This catalog file contains the information that is used by the Windows File Protection feature to verify the files in the hotfix package. For Windows 2000 post-SP1 hotfixes, the file is named Sp2.cat. For more information about the Windows File Protection feature, click the following article number to view the article in the Microsoft Knowledge Base:

222193 Description of the Windows 2000 Windows File Protection feature

Hotfix catalog files are cumulative. The latest hotfix file contains information for all hotfixes that were created before it. This allows one version of the file to be installed while earlier hotfixed files continue to be valid.

This problem affects the following Microsoft Security Bulletin fixes that are referenced on the following Microsoft Web site:

http://www.microsoft.com/technet/security

 Security bulletin:

MS00-036

Microsoft Knowledge Base article:

262694 Malicious user can shut down computer browser service

</li> Security bulletin:

MS00-044

Microsoft Knowledge Base article:

267559 GET on HTR file can cause a &quot;denial of service&quot; or enable directory browsing

</li> Security bulletin:

MS00-047

Microsoft Knowledge Base article:

269239 NetBIOS vulnerability may cause duplicate name on the network conflicts

</li> Security bulletin:

MS00-050

Microsoft Knowledge Base article:

267843 Windows 2000 Telnet Server stops responding after binary input

</li> Security bulletin:

MS00-052

Microsoft Knowledge Base article:

269049 Registry-invoked programs use standard search path

</li> Security bulletin:

MS00-053

Microsoft Knowledge Base article:

269523 Service Control Manager named pipe impersonization vulnerability

</li> Security bulletin:

MS00-057

Microsoft Knowledge Base article:

269862 Patch released for canonicalization error issue

</li> Security bulletin:

MS00-058

Microsoft Knowledge Base article:

256888 Internet Information Service may return source of active server pages file

</li> Security bulletin:

MS00-059

Microsoft Knowledge Base article:

273735 INFO: Fix list for the Microsoft virtual machine build 3316

</li> Security bulletin:

MS00-060

Microsoft Knowledge Base article:

260347 IIS 4: Fix for cross-site scripting issues

</li> Security bulletin:

MS00-065

Microsoft Knowledge Base article:

272736 Windows 2000 Still Image service exposes user elevation vulnerability

</li> Security bulletin:

MS00-066

Microsoft Knowledge Base article:

272303 RPC Server service stops responding

</li> Security bulletin:

MS00-067

Microsoft Knowledge Base article:

272743 HTML e-mail link transmits user name and password to unauthorized server

</li> Security bulletin:

MS00-069

Microsoft Knowledge Base article:

270676 Users might gain full control of a system via the &quot;simplified Chinese IME state recognition&quot; vulnerability

</li> Security bulletin:

MS00-070

Microsoft Knowledge Base article:

266433 Patch for numerous vulnerabilities in the LPC port system calls

</li> <li>Security bulletin:

MS00-075

Microsoft Knowledge Base article:

275526 Fix list for the Microsoft virtual machine build 3318

</li> <li>Security bulletin:

MS00-077

Microsoft Knowledge Base article:

273854 Denial of service can occur with Microsoft NetMeeting

</li> <li>Security bulletin:

MS00-080

Microsoft Knowledge Base article:

274149 Cookies are not marked as SSL-secured in IIS

</li> <li>Security bulletin:

MS00-081

Microsoft Knowledge Base article:

277007 INFO: Fix List for the Microsoft virtual machine build 3319

</li> <li>Security bulletin:

MS00-083

Microsoft Knowledge Base article:

274835 Buffer overflow in Network Monitor may cause vulnerability

</li> <li>Security bulletin:

MS00-084

Microsoft Knowledge Base article:

278499 Update available for indexing service availability

</li> <li>Security bulletin:

MS00-085

Microsoft Knowledge Base article:

278511 Patch available for ActiveX parameter validation vulnerability

</li> <li>Security bulletin:

MS00-086

Microsoft Knowledge Base article:

277873 Patch for &quot;Web server file request parsing&quot; vulnerability

</li> <li>Security bulletin:

MS00-089

Microsoft Knowledge Base article:

274372 Patch released for &quot;domain account lockout&quot; vulnerability

</li></ul>

Additional query words: Q285083_w2k_sp2_x86_en exe Q281767_w2k_sp2_x86_en Q285083 w2k sp2 x86 en Q281767

Keywords: kbbug kbfix kbgraphxlinkcritical kbwin2000presp2fix kbqfe kbsetup kbhotfixserver KB281767

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.