Windows 2000 Service Pack 3 (SP3)
| Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist. |
Microsoft has released Service Pack 3 for Windows 2000.
Service Pack 3 (SP3) provides the latest updates to the Windows 2000 Family of Operating Systems. These updates are a collection of fixes in the following areas: operating system reliability, application compatibility, setup, and security issues. This service pack includes fully regression-tested versions of the patches for all security vulnerabilities that had been discovered in Windows 2000 up to the closing date of Service Pack development. The following Microsoft Security Bulletins are included in Service Pack 3.
MS00-077 (299796) - Patch Available for 'NetMeeting Desktop Sharing' Vulnerability
MS00-079 (276471) - Patch Available for 'HyperTerminal Buffer Overflow' Vulnerability
MS01-004 (285985) - Malformed .HTR Request Allows Reading of File Fragments
MS01-007 (285851) - Network DDE Agent Requests Can Enable Code to Run in System Context
MS01-011 (287397) - Malformed Request to Domain Controller can Cause CPU Exhaustion (superseded by MS01-024)
MS01-013 (285156) - Windows 2000 Event Viewer Contains Unchecked Buffer
MS01-024 (294391) - Malformed Request to Domain Controller Can Cause Memory Exhaustion
MS01-025 (296185) - Index Server Search Function Contains Unchecked Buffer
MS01-026 (293826) - 14 May 2001 Cumulative Patch for IIS
MS01-031 (299553) - Predictable Named Pipes Could Enable Privilege Elevation via Telnet
MS01-033 (300972) - Unchecked Buffer in Index Server ISAPI Extension Could Enable Web Server Compromise
MS01-035 (300477) - FrontPage Server Extension Sub-Component Contains Unchecked Buffer
MS01-036 (299687) - Function Exposed via LDAP over SSL Could Enable Passwords to be Changed
MS01-037 (302755) - Authentication Error in SMTP Service Could Allow Mail Relaying
MS01-040 (292435) - Invalid RDP Data Can Cause Memory Leak in Terminal Services
MS01-041 (298012) - Malformed RPC Request Can Cause Service Failure
MS01-042 (304404) - Windows Media Player .NSC Processor Contains Unchecked Buffer
MS01-043 (303984) - NNTP Service in Windows NT 4.0 and Windows 2000 Contains Memory Leak
MS01-044 (301625) - 15 August 2001 Cumulative Patch for IIS
MS01-046 (252795) - Access Violation in Windows 2000 IRDA Driver Can Cause System to Restart
MS01-052 (307454) - Invalid RDP Data Can Cause Terminal Service Failure
MS01-060 (305601) - SQL Server Text Formatting Functions Contain Unchecked Buffers
MS02-001 (311401) - Trusting Domains Do Not Verify Domain Membership of SIDs in Authorization Data
MS02-004 (307298) - Unchecked Buffer in Telnet Server Could Lead to Arbitrary Code Execution
MS02-006 (314147) - Unchecked Buffer in SNMP Service Could Enable Arbitrary Code to be Run
MS02-011 (313450) - Authentication Flaw Could Allow Unauthorized Users To Authenticate To SMTP Service
MS02-012 (313450) - Malformed Data Transfer Request Can Cause Windows SMTP Service to Fail
MS02-013 (300845) - 04 March 2002 Cumulative VM Update
MS02-014 (313829) - Unchecked Buffer in Windows Shell Could Lead to Code Execution
MS02-016 (318593) - Opening Group Policy Files for Exclusive Read Blocks Policy Application
MS02-017 (311967) - Unchecked Buffer in the Multiple UNC Provider Could Enable Code Execution
MS02-018 (319733) - Cumulative Patch for Internet Information Service
MS02-024 (320206) - Authentication Flaw in Windows Debugger Can Lead to Elevated Privileges
MS02-028 (321599) - Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise
MS02-029 (318138) - Unchecked Buffer in Remote Access Service Phonebook Could Lead to Code Execution
Internet Explorer 5.5 and Internet Explorer 6 security patches are NOT included in Windows 2000 Service Pack 3. Customers running Internet Explorer 5.5 are encouraged to review and apply security patches (related to their IE 5.5 Service Pack) identified here: https://www.microsoft.com/technet/security/current.asp?productID=80&servicePackId=0
Customers running Internet Explorer 6.0 are encouraged to review and apply security patches (related to their IE 6.0 Service Pack) identified here:
https://www.microsoft.com/technet/security/current.asp?productID=119&servicePackId=0
Security patches for issues affecting Internet Explorer 5.01 Service Pack 2 have been included in Windows 2000 Service Pack 3. Specifically, IE 5.01 Service Pack 2 patches referenced in the following security bulletins are included in Windows 2000 Service Pack 3:
MS01-051(306121) - Malformed Dotless IP Address Can Cause a Web Page to Be Handled in the Intranet Zone
MS01-055 (312461) - Internet Explorer Cookie Data Can Be Exposed or Altered Through Script Injection
MS01-058 (313675) - File Vulnerability Patch for Internet Explorer 5.5 and Internet Explorer 6
MS02-005(316059) - February 11, 2002, Cumulative Patch for Internet Explorer
To get more information about Windows 2000 SP3 and to download the Service Pack, click here.