Security Update, November 27, 2000
This update resolves the "Domain Account Lockout" security vulnerability in Windows 2000. Under very specific conditions, a malicious user can try repeatedly to guess an account password, even if the domain administrator has set the Account Lockout Policy to disable the account after a specified number of attempts to access it. Download now to ensure the Account Lockout Policy helps prevent unauthorized access to the computers in your network.
A number of factors limit the scope of this vulnerability:
- This vulnerability only affects Windows 2000 computers that are members of a non-Windows 2000 domain. Stand-alone Windows 2000 computers and Windows 2000 computers that are members of a Windows 2000 domain are not vulnerable.
- A password-guessing attack is restricted to domain accounts that have cached the logon credentials of an authorized user.
- If a malicious user guesses the correct password, he or she can only use it to log on to the local computer. The domain Account Lockout Policy still prevents a domain controller from authenticating an unauthorized user and it prevents a malicious user from accessing other computers in the domain using the guessed password.
For more information about this vulnerability, please read Microsoft Security Bulletin MS00-089.
This update applies to:
- Windows 2000 Professional, Service Pack 1
- Windows 2000 Server, Service Pack 1
- Windows 2000 Advanced Server, Service Pack 1
Note: Windows 2000 without Service Pack 1 is not affected by this vulnerability.
Restart your computer to complete the installation.
To uninstall this update:
- Click Start, point to Settings, and then click Control Panel.
- Double-click Add/Remove Programs.
- Select Windows 2000 Hotfix (Pre-SP2) [See Q274372 for more information] and click Change/Remove to uninstall.