DetailPage-MSS-KB

Microsoft small business knowledge base

Article ID: 299444 - Last Review: June 19, 2014 - Revision: 11.0

We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 on a Microsoft Windows Server 2003-based computer. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/prodtech/IIS.mspx (http://www.microsoft.com/technet/security/prodtech/IIS.mspx)

On This Page

Summary

Microsoft has released a Security Rollup Package (SRP) for Windows NT 4.0 that includes the functionality from all security patches released for Windows NT 4.0 since the release of Windows NT 4.0 Service Pack 6a (SP6a). This small, comprehensive rollup of post-SP6a fixes provides an easier mechanism for managing the rollout of security fixes. Applying the SRP does not change the encryption level of your computer.

Compaq Array Controller Users

If you have installed the Compaq Array Controller Driver (Cpqarray.sys) from the Compaq Web Site, Compaq FTP Site, or Compaq SmartStart, please see the following article in the Microsoft Knowledge Base regarding Compaq Array controllers and the Windows NT 4.0 SRP:
305228  (http://support.microsoft.com/kb/305228/ ) "STOP 0xA" occurs after applying Windows NT 4.0 Security Rollup Package

Digital Signature Issue

If you are running Internet Explorer 5.5 Service Pack 2 (SP2) or Internet Explorer 5.01 Service Pack 2 (SP2) and you access any secure website (https://) that uses Secure Sockets Layer (SSL), see the following article in the Microsoft Knowledge Base:
305929  (http://support.microsoft.com/kb/305929/ ) "This certificate has an invalid digital signature" error message after you install the Windows NT 4.0 Security Rollup Package

Microsoft IntelliPoint Users

If you use a version of Microsoft IntelliPoint earlier than 2.2, see the following article in the Microsoft Knowledge Base before you install the SRP:
305462  (http://support.microsoft.com/kb/305462/ ) Mouse and keyboard stop working after you install the Windows NT 4.0 Security Rollup Package

HP NTLock Users

If you use HP NTLock, see the following article in the Microsoft Knowledge Base:
311860  (http://support.microsoft.com/kb/311860/ ) The Hewlett-Packard NTLock services do not start after you install the Windows NT 4.0 Security Rollup Package
If you add optional services, you must reapply the Windows NT 4.0 service pack and then the SRP. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
196269  (http://support.microsoft.com/kb/196269/ ) When to reinstall a service pack
If you need to add optional services, follow these steps:
  1. Install all optional services and companion services. You will be prompted for the original Window NT 4.0 media.
  2. After the files are installed from the original media, but before you restart your computer, reinstall Windows NT 4.0 SP6a. You must reinstall SP6a before you reinstall the SRP because the SRP requires SP6a.
  3. Restart your computer.
  4. Reinstall the SRP.
  5. Restart your computer.
  6. Install other post-SP6a hotfixes as necessary. For more information about the SRP, visit the following Microsoft Web site:
    http://technet.microsoft.com/en-us/library/cc767870.aspx (http://technet.microsoft.com/en-us/library/cc767870.aspx)
  7. Restart your computer.
For additional information about how to install multiple hotfixes with only one reboot, click the following article number to view the article in the Microsoft Knowledge Base:
296861  (http://support.microsoft.com/kb/296861/ ) How to install multiple Windows updates or hotfixes with only one reboot

More information

Patches are available from the following Microsoft Web site (if your language is not listed, please check back):

Collapse this imageExpand this image
Download
English Language Version (http://download.microsoft.com/download/winntsp/Patch/q299444/NT4/EN-US/Q299444i.exe)

Collapse this imageExpand this image
Download
Arabic Language Version (http://download.microsoft.com/download/winntsp/Patch/q299444/NT4/HE/METQ299444i.exe)

Collapse this imageExpand this image
Download
Chinese (Hong Kong) Language Version (http://download.microsoft.com/download/winntsp/PatchHK/q299444/NT4/TW/CHPQ299444i.exe)

Collapse this imageExpand this image
Download
Chinese (Simplified) Language Version (http://download.microsoft.com/download/winntsp/Patch/q299444/NT4/CN/CHSQ299444i.exe)

Collapse this imageExpand this image
Download
Chinese (Traditional) Language Version (http://download.microsoft.com/download/winntsp/Patch/q299444/NT4/TW/CHTQ299444i.exe)

Collapse this imageExpand this image
Download
Czech Language Version (http://download.microsoft.com/download/winntsp/Patch/q299444/NT4/CS/CZEQ299444i.exe)

Collapse this imageExpand this image
Download
Danish Language Version (http://download.microsoft.com/download/winntsp/Patch/q299444/NT4/DA/DANQ299444i.exe)

Collapse this imageExpand this image
Download
Dutch Language Version (http://download.microsoft.com/download/winntsp/Patch/q299444/NT4/NL/NLDQ299444i.exe)

Collapse this imageExpand this image
Download
Finnish Language Version (http://download.microsoft.com/download/winntsp/Patch/q299444/NT4/FI/FINQ299444i.exe)

Collapse this imageExpand this image
Download
French Language Version (http://download.microsoft.com/download/winntsp/Patch/q299444/NT4/FR/FRNQ299444i.exe)

Collapse this imageExpand this image
Download
French (Canadian) Language Version (http://download.microsoft.com/download/winntsp/FrCan/q299444/NT4/FR/FRN_CAQ299444i.exe)

Collapse this imageExpand this image
Download
German Language Version (http://download.microsoft.com/download/winntsp/Patch/q299444/NT4/DE/DEUQ299444i.exe)

Collapse this imageExpand this image
Download
Hebrew Language Version (http://download.microsoft.com/download/winntsp/Patch/q299444/NT4/HE/METQ299444i.exe)

Collapse this imageExpand this image
Download
Hungarian Language Version (http://download.microsoft.com/download/winntsp/Patch/q299444/NT4/HU/HUNQ299444i.exe)

Collapse this imageExpand this image
Download
Italian Language Version (http://download.microsoft.com/download/winntsp/Patch/q299444/NT4/IT/ITAQ299444i.exe)

Collapse this imageExpand this image
Download
Japanese Language Version (http://download.microsoft.com/download/winntsp/Patch/q299444/NT4/JA/JPNQ299444i.exe)

Collapse this imageExpand this image
Download
Japanese NEC Language Version (http://download.microsoft.com/download/winntsp/NEC98/q299444/NT4/JA/JPNQ299444n.exe)

Collapse this imageExpand this image
Download
Korean Language Version (http://download.microsoft.com/download/winntsp/Patch/q299444/NT4/KO/KORQ299444i.exe)

Collapse this imageExpand this image
Download
Norwegian Language Version (http://download.microsoft.com/download/winntsp/Patch/q299444/NT4/NO/NORQ299444i.exe)

Collapse this imageExpand this image
Download
Polish Language Version (http://download.microsoft.com/download/winntsp/Patch/q299444/NT4/PL/POLQ299444i.exe)

Collapse this imageExpand this image
Download
Portuguese (Brazilian) Language Version (http://download.microsoft.com/download/winntsp/Patch/q299444/NT4/PT-BR/BRAQ299444i.exe)

Collapse this imageExpand this image
Download
Russian Language Version (http://download.microsoft.com/download/winntsp/Patch/q299444/NT4/RU/RUSQ299444i.exe)

Collapse this imageExpand this image
Download
Spanish Language Version (http://download.microsoft.com/download/winntsp/Patch/q299444/NT4/ES/SPAQ299444i.exe)

Collapse this imageExpand this image
Download
Swedish Language Version (http://download.microsoft.com/download/winntsp/Patch/q299444/NT4/SV/SVEQ299444i.exe)

Collapse this imageExpand this image
Download
Thai Language Version (http://download.microsoft.com/download/winntsp/Patch/q299444/NT4/HE/METQ299444i.exe)
Note This patch requires Windows NT 4.0 SP6a. Release Date: July 26, 2001

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591  (http://support.microsoft.com/kb/119591/ ) How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file. Note When you apply the Post-Windows NT 4.0 SP6a SRP (which includes the security patch mentioned in bulletin MS01-026), be aware that the Post-Windows NT 4.0 SP6a SRP may introduce new problems. To fix these new problems, install the additional patches that are described in the following articles in the Microsoft Knowledge Base:
299273  (http://support.microsoft.com/kb/299273/ ) UPN logon option does not work after you apply fix from MS01-026 security bulletin
269430  (http://support.microsoft.com/kb/269430/ ) Incorrect error message double-clicking lock icon in SSL-secured connection

Fixes that are included in the SRP

The SRP includes all post-SP6a fixes that have been delivered via Microsoft Security Bulletins (http://www.microsoft.com/technet/security/default.mspx) . In addition, it also includes a small number of fixes that have not been previously discussed. Because security bulletins are disruptive to customers' normal maintenance procedures, Microsoft typically issues them only when a security issue poses an immediate danger to your systems. Issues that do not meet this standard are typically addressed through other delivery vehicles such as service packs or, in this case, the SRP.
241041  (http://support.microsoft.com/kb/241041/ ) Enabling NetBT to open IP ports exclusively
243649  (http://support.microsoft.com/kb/243649/ ) MS99-047: Unchecked print spooler buffer may expose system vulnerability
243835  (http://support.microsoft.com/kb/243835/ ) MS99-046: How to prevent predictable TCP/IP initial sequence numbers
244599  (http://support.microsoft.com/kb/244599/ ) Fixes required in TCSEC C2 security evaluation configuration for Windows NT 4.0 Service Pack 6a
246045  (http://support.microsoft.com/kb/246045/ ) MS99-055: Malformed resource enumeration arguments may cause named pipes and other system services to fail
247869  (http://support.microsoft.com/kb/247869/ ) MS00-003: Local procedure call may permit unauthorized account usage
248183  (http://support.microsoft.com/kb/248183/ ) Syskey tool reuses keystream
248185  (http://support.microsoft.com/kb/248185/ ) Security Identifier enumeration function in LSA may not handle argument properly
248399  (http://support.microsoft.com/kb/248399/ ) MS00-007: Shared workstation setup may permit access to Recycle Bin files
249108  (http://support.microsoft.com/kb/249108/ ) Registry data is viewable by all users during Rdisk repair update
249197  (http://support.microsoft.com/kb/249197/ ) Internet Explorer does not allow use of single SGC certificate with 128-Bit encryption for virtual sites
249863  (http://support.microsoft.com/kb/249863/ ) SGC connections may fail from domestic clients
249973  (http://support.microsoft.com/kb/249973/ ) MS00-005: Default RTF file viewer interrupts normal program processing
250625  (http://support.microsoft.com/kb/250625/ ) MS00-024: Default registry key permissions may allow privilege elevation
252463  (http://support.microsoft.com/kb/252463/ ) MS00-006: Index server error message reveals physical location of Web folders
257870  (http://support.microsoft.com/kb/257870/ ) Malformed print request may stop Windows 2000 TCP/IP Printing service
259042  (http://support.microsoft.com/kb/259042/ ) Handle Leak in WinLogon after applying Windows NT 4.0 Service Pack 6
259496  (http://support.microsoft.com/kb/259496/ ) MS00-008: Incorrect registry setting may allow cryptography key compromise
259622  (http://support.microsoft.com/kb/259622/ ) MS00-027: Command processor may not parse excessive arguments properly
259728  (http://support.microsoft.com/kb/259728/ ) MS00-029: Windows hangs with fragmented IP datagrams
259773  (http://support.microsoft.com/kb/259773/ ) MS00-003: Incorrect response to local procedure call causes "Stop" error message
262388  (http://support.microsoft.com/kb/262388/ ) Denial-of-service attack possible from Linux RPC client
262694  (http://support.microsoft.com/kb/262694/ ) MS00-036: Malicious user can shut down computer browser service
264684  (http://support.microsoft.com/kb/264684/ ) MS00-040: Patch for "Remote Registry Access Authentication" vulnerability
265714  (http://support.microsoft.com/kb/265714/ ) MS00-095: Windows NT 4.0 SNMP registry entries are readable
266433  (http://support.microsoft.com/kb/266433/ ) MS00-070: Patch for numerous vulnerabilities in the LPC port system calls
267858  (http://support.microsoft.com/kb/267858/ ) "Memory could not be read" error message while doing file operation
267861  (http://support.microsoft.com/kb/267861/ ) MS00-095: RAS registry modification allowed without administrative rights
267864  (http://support.microsoft.com/kb/267864/ ) MS00-095: MTS Package Administration Key includes information about users
268082  (http://support.microsoft.com/kb/268082/ ) DNS SOA record may reveal Administrator account name
269049  (http://support.microsoft.com/kb/269049/ ) MS00-052: Registry-invoked programs use standard search path
269239  (http://support.microsoft.com/kb/269239/ ) MS00-047: NetBIOS vulnerability may cause duplicate name on the network conflicts
271216  (http://support.microsoft.com/kb/271216/ ) Fix for e-mail issues between 128-bit and 56-bit encryption using French regional settings
274835  (http://support.microsoft.com/kb/274835/ ) MS00-083: Buffer overflow in Network Monitor may cause vulnerability
275567  (http://support.microsoft.com/kb/275567/ ) MS00-091: Multiple NetBT sessions may hang local host
276575  (http://support.microsoft.com/kb/276575/ ) MS00-094: Patch available for "Phone Book service buffer overflow" vulnerability
279336  (http://support.microsoft.com/kb/279336/ ) MS01-003: Patch available for Winsock mutex vulnerability
279843  (http://support.microsoft.com/kb/279843/ ) Some system named pipes are not created with appropriate permissions
280119  (http://support.microsoft.com/kb/280119/ ) MS01-008: A patch is available for the NTLMSSP privilege elevation vulnerability
283001  (http://support.microsoft.com/kb/283001/ ) MS01-009: Patch available for malformed PPTP packet stream vulnerability
293818  (http://support.microsoft.com/kb/293818/ ) MS01-017: Erroneous VeriSign-issued digital certificates pose spoofing hazard
294472  (http://support.microsoft.com/kb/294472/ ) MS99-057: Index Server search function contains unchecked buffer
296185  (http://support.microsoft.com/kb/296185/ ) MS01-025: Patch available for new variant of the "Malformed Hit-Highlighting" vulnerability
298012  (http://support.microsoft.com/kb/298012/ ) MS01-041: Malformed RPC request can cause service problems
300972  (http://support.microsoft.com/kb/300972/ ) MS01-033: Unchecked buffer in Index Server ISAPI extension can enable Web server compromise
303628  (http://support.microsoft.com/kb/303628/ ) Relative path issue can allow program to be run under the System context

IIS fixes that are included in the SRP

252693  (http://support.microsoft.com/kb/252693/ ) Chunked encoding request with no data causes IIS memory leak
254142  (http://support.microsoft.com/kb/254142/ ) MS00-023: 100% CPU usage occurs when you send a large escape sequence
260205  (http://support.microsoft.com/kb/260205/ ) MS00-030: HTTP request with a large number of dots or dot-slashes causes high CPU utilization
260838  (http://support.microsoft.com/kb/260838/ ) MS00-031: IIS stops servicing HTR requests
267559  (http://support.microsoft.com/kb/267559/ ) MS00-044: GET on HTR file cancCause a "Denial of Service" or enable directory browsing
269862  (http://support.microsoft.com/kb/269862/ ) MS00-057: Patch released for canonicalization error issue
271652  (http://support.microsoft.com/kb/271652/ ) MS00-063: Patch released for malformed URL vulnerability that disables Web server response
274149  (http://support.microsoft.com/kb/274149/ ) Cookies are not marked as SSL-secured in IIS
277873  (http://support.microsoft.com/kb/277873/ ) MS00-086: Patch Available for "Web Server File Request Parsing" vulnerability
285985  (http://support.microsoft.com/kb/285985/ ) MS01-004: Patch available for new variant of File Fragment Reading via .HTR vulnerability
295534  (http://support.microsoft.com/kb/295534/ ) Superfluous decoding operation can allow command execution through IIS
The fixes that are listed in the May 14, 2001 section of the following article in the Microsoft Knowledge Base are included in the Post-Windows NT 4.0 SP6a SRP:
297860  (http://support.microsoft.com/kb/297860/ ) MS01-044: IIS 5.0 Security and post-Windows NT 4.0 SP5 IIS 4.0 patch rollup
Keywords: 
kbfix kbinfo kbqfe KB299444
Share
Additional support options
Ask The Microsoft Small Business Support Community
Contact Microsoft Small Business Support
Find Microsoft Small Business Support Certified Partner
Find a Microsoft Store For In-Person Small Business Support