This update resolves the "Indexing Services Cross Site Scripting" vulnerability in Indexing Services for Windows 2000, and is discussed in Microsoft Security Bulletin MS00-084. Download now to help prevent a malicious user from introducing unauthorized code on your Web server.
The Indexing Services is a search engine that is integrated with Internet Information Services 5.0 (IIS 5.0) and Windows 2000, and allows browsers to perform full-text searches of Web sites. this vulnerability exists because Indexing Services does not validate all search inputs properly before processing them, and is consequently vulnerable to Cross-Site Scripting (CSS). CSS allows a malicious user to "inject" code into another person's Web session. If a malicious user is successful in exploiting this vulnerability, a Web site hosted by your server can be used to run code on a visting user's browser each time the user returns to your Web site.
Note The Indexing Services ships and installs with Windows 2000, but is not enabled by default. Microsoft recommends that you apply this update if you are running Web servers on Windows 2000, and you have enabled Indexing Services,For more information about this vulnerability, read Microsoft Security Bulletin MS00-084. (This site is in English.)