
Security Update, December 21, 2000

This update resolves the "Directory Service Restore Mode Password" vulnerability for Windows 2000 domain controllers, and is discussed in Microsoft Security Bulletin MS00-099. Download now to help prevent a malicious user from gaining administrative access to your computer.

If a malicious user logs on to a server on your network and promotes the server to a domain controller using the "Configure Your Server" tool, the Directory Service Restore Mode and Recovery Console passwords are left blank, and the user is not required to enter a password to gain administrative access. This access could be used to take any action on the domain, including creating or modifying user accounts, altering the Active Directory, or changing domain security policies. This update synchronizes the passwords for both the Directory Service Restore Mode and the Recovery Console so that they are the same as the administrator’s password.

Note: The "Configure Your Server" tool can be used only on the first domain controller in a forest (a collection of one or more Windows 2000 domains that share a common schema, configuration, and global catalog), so subsequent domain controllers are not affected by the vulnerability.

For more information about this vulnerability, please read Microsoft Security Bulletin MS00-099. (This site is in English.)

System Requirements

This update applies to:

How to use
Restart your computer to complete the installation.

How to uninstall
  1. Click Start, point to Settings, and then click Control Panel.
  2. Double-click Add/Remove Programs.
  3. Select Windows 2000 Hotfix (Pre-SP2) [See Q271641 for more information] and click Change/Remove to uninstall.
