This update resolves the "Indexing Service File Enumeration" vulnerability in Indexing Service 3.0. An ActiveX control that is shipped with Indexing Service is incorrectly marked as "safe for scripting." The control makes it possible for Web applications and other programs to list the names of files and folders on a Windows 2000 computer. Because this control is marked "safe for scripting," a malicious Web site operator could use the control to gather the names and properties of files and folders on an affected visiting user's computer. Download now to help prevent a malicious Web site operator from gathering information about your files and folders.

Under very specific circumstances, if Indexing Service is running on an affected computer, the malicious Web site operator may be able to search for files that contain specific words.

For more information on this vulnerability, please read Microsoft Security Bulletin MS00-098. (This site is in English.)

Note An update has not been provided for Index Server 2.0 because this product should only be installed on Web servers, which should not be used to browse the Internet.

1. Click Start, point to Settings, and then click Control Panel.
2. Double-click Add/Remove Programs.
3. Select Windows 2000 Hotfix (Pre-SP2) [See Q280838 for more information] and click Change/Remove to uninstall.