This update resolves the "Malformed RPC Packet" security vulnerability in Windows 2000 and is discussed in Microsoft Security Bulletin MS00-066. Download now to help prevent a malicious user from launching a Denial of Service attack via the Remote Procedure Call (RPC) client.

In order to exploit this vulnerability, a malicious RPC client must send a malformed RPC packet to a Windows 2000 server. On receiving the malformed RPC packet, the server stops responding to client requests. This is a Denial of Service vulnerability which primarily affects Windows 2000 servers that are directly exposed on the Internet. A server behind a firewall that blocks ports 135-139 and 445 are not affected by this vulnerability. RPC services and the functioning of the server can be restored after an attack by restarting the affected computer.

For more information about these vulnerabilities, read Microsoft Security Bulletin MS00-066. (This site is in English.)

• Microsoft Windows 2000 Professional
• Microsoft Windows 2000 Server
• Microsoft Windows 2000 Advanced Server

1. Click Start, point to Settings, and then click Control Panel.
2. Double-click Add/Remove Programs.
3. Click Windows 2000 Hotfix [See Q272303 for more information].
4. Click Change/Remove.