This update resolves the "Phone Book Service Buffer Overflow" security vulnerability in Windows NT® 4.0. The Phone Book Service that runs on Internet Information Server (IIS) 4.0 has an unchecked buffer (a temporary data storage area) in the code that processes requests for phone book updates. A specifically malformed HTTP request from a malicious user can cause a buffer overflow in the Phone Book Service, which might allow the malicious user to run unauthorized code on the server, or cause the service to fail. Download now to prevent a malicious user from running code to add, change, or delete data on your Web server.

Note Web servers that do not have the Phone Book Service installed are not at risk from this vulnerability.

For more information on this vulnerability, please read Microsoft Security Bulletin MS00-094. (This site is in English.)

• Windows NT 4.0 Server
• Windows NT 4.0 Server, Enterprise Edition
• Internet Information Server 4.0

1. Click Start, point to Settings, and then click Control Panel.
2. Double-click Add/Remove Programs.
3. Select Windows 4.0 Hotfix [See Q276575 for more information] and click Add/Remove to uninstall.