Windows 2000 Service Pack 3 (SP3)

Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

Microsoft has released Service Pack 3 for Windows 2000.

Service Pack 3 (SP3) provides the latest updates to the Windows 2000 Family of Operating Systems. These updates are a collection of fixes in the following areas: operating system reliability, application compatibility, setup, and security issues. This service pack includes fully regression-tested versions of the patches for all security vulnerabilities that had been discovered in Windows 2000 up to the closing date of Service Pack development. The following Microsoft Security Bulletins are included in Service Pack 3.

MS00-077 (299796) - Patch Available for 'NetMeeting Desktop Sharing' Vulnerability

MS00-079 (276471) - Patch Available for 'HyperTerminal Buffer Overflow' Vulnerability

MS01-004 (285985) - Malformed .HTR Request Allows Reading of File Fragments

MS01-007 (285851) - Network DDE Agent Requests Can Enable Code to Run in System Context

MS01-011 (287397) - Malformed Request to Domain Controller can Cause CPU Exhaustion (superseded by MS01-024)

MS01-013 (285156) - Windows 2000 Event Viewer Contains Unchecked Buffer

MS01-024 (294391) - Malformed Request to Domain Controller Can Cause Memory Exhaustion

MS01-025 (296185) - Index Server Search Function Contains Unchecked Buffer

MS01-026 (293826) - 14 May 2001 Cumulative Patch for IIS

MS01-031 (299553) - Predictable Named Pipes Could Enable Privilege Elevation via Telnet

MS01-033 (300972) - Unchecked Buffer in Index Server ISAPI Extension Could Enable Web Server Compromise

MS01-035 (300477) - FrontPage Server Extension Sub-Component Contains Unchecked Buffer

MS01-036 (299687) - Function Exposed via LDAP over SSL Could Enable Passwords to be Changed

MS01-037 (302755) - Authentication Error in SMTP Service Could Allow Mail Relaying

MS01-040 (292435) - Invalid RDP Data Can Cause Memory Leak in Terminal Services

MS01-041 (298012) - Malformed RPC Request Can Cause Service Failure

MS01-042 (304404) - Windows Media Player .NSC Processor Contains Unchecked Buffer

MS01-043 (303984) - NNTP Service in Windows NT 4.0 and Windows 2000 Contains Memory Leak

MS01-044 (301625) - 15 August 2001 Cumulative Patch for IIS

MS01-046 (252795) - Access Violation in Windows 2000 IRDA Driver Can Cause System to Restart

MS01-052 (307454) - Invalid RDP Data Can Cause Terminal Service Failure

MS01-060 (305601) - SQL Server Text Formatting Functions Contain Unchecked Buffers

MS02-001 (311401) - Trusting Domains Do Not Verify Domain Membership of SIDs in Authorization Data

MS02-004 (307298) - Unchecked Buffer in Telnet Server Could Lead to Arbitrary Code Execution

MS02-006 (314147) - Unchecked Buffer in SNMP Service Could Enable Arbitrary Code to be Run

MS02-011 (313450) - Authentication Flaw Could Allow Unauthorized Users To Authenticate To SMTP Service

MS02-012 (313450) - Malformed Data Transfer Request Can Cause Windows SMTP Service to Fail

MS02-013 (300845) - 04 March 2002 Cumulative VM Update

MS02-014 (313829) - Unchecked Buffer in Windows Shell Could Lead to Code Execution

MS02-016 (318593) - Opening Group Policy Files for Exclusive Read Blocks Policy Application

MS02-017 (311967) - Unchecked Buffer in the Multiple UNC Provider Could Enable Code Execution

MS02-018 (319733) - Cumulative Patch for Internet Information Service

MS02-024 (320206) - Authentication Flaw in Windows Debugger Can Lead to Elevated Privileges

MS02-028 (321599) - Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise

MS02-029 (318138) - Unchecked Buffer in Remote Access Service Phonebook Could Lead to Code Execution

Internet Explorer 5.5 and Internet Explorer 6 security patches are NOT included in Windows 2000 Service Pack 3. Customers running Internet Explorer 5.5 are encouraged to review and apply security patches (related to their IE 5.5 Service Pack) identified here:

Customers running Internet Explorer 6.0 are encouraged to review and apply security patches (related to their IE 6.0 Service Pack) identified here:

Security patches for issues affecting Internet Explorer 5.01 Service Pack 2 have been included in Windows 2000 Service Pack 3. Specifically, IE 5.01 Service Pack 2 patches referenced in the following security bulletins are included in Windows 2000 Service Pack 3:

MS01-051(306121) - Malformed Dotless IP Address Can Cause a Web Page to Be Handled in the Intranet Zone

MS01-055 (312461) - Internet Explorer Cookie Data Can Be Exposed or Altered Through Script Injection

MS01-058 (313675) - File Vulnerability Patch for Internet Explorer 5.5 and Internet Explorer 6

MS02-005(316059) - February 11, 2002, Cumulative Patch for Internet Explorer

To get more information about Windows 2000 SP3 and to download the Service Pack, click here.