This article describes Update Rollup 1 for Microsoft Windows 2000 Service Pack 4 (SP4). Update Rollup 1 for Windows 2000 SP4 was released June 28, 2005. This update rollup contains a list of security-related updates produced for Windows 2000 between the release of Windows 2000 SP4 and April 30, 2005. April 30, 2005 is the date when the contents for Update Rollup 1 were locked down for final testing by Microsoft, external beta testing sites, and customer sites. Additionally, this update rollup contains several important non-security updates. This article contains detailed information about this update rollup, answers frequently asked questions about this update rollup, and lists the fixes that are included in this update rollup.

This article contains information about Update Rollup 1 for Windows 2000 SP4 and answers frequently asked questions about this update rollup. This article also lists the fixes that are included in this update rollup and includes information about security-related changes in the Windows 2000 Telephony Application Programming Interface (TAPI). Update Rollup 1 for Windows 2000 SP4 makes it easier for customers to enhance and maintain the security and stability of their Windows 2000-based computers. For more information about the problems that are fixed in Update Rollup 1 for Windows 2000 SP4, click the following article number to view the article in the Microsoft Knowledge Base:

Download information

To download and install Update Rollup 1 for Windows 2000 SP4, visit the following Microsoft Windows Update Web site, and then install high-priority update 891861:You can also download this update rollup to deploy to multiple Windows 2000-based computers. The package is available from the Microsoft Download Center. To download the package from the Windows Update Catalog, search for this article ID number (891861) by using the Advanced Search Options feature in the Windows Update Catalog. For more information about how to download updates from the Windows Update Catalog, click the following article number to view the article in the Microsoft Knowledge Base: The following file is available for download from the Microsoft Download Center:

Download the Windows2000-KB891861-x86-ENU.EXE package now.

Release Date: June 27, 2005

For more information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base: Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

By including the most important updates for Windows 2000, Update Rollup 1 for Windows 2000 SP4 helps customers to make existing Windows 2000-based computers more secure and up to date. Update Rollup 1 for Windows 2000 SP4 will also make it easier for customers to build new deployment images. This update rollup should require less pre-deployment testing because the number of updates included in Update Rollup 1 for Windows 2000 SP4 is significantly smaller than the number of updates that are typically included in a service pack. Most customers will have current versions of many of the files already installed from prior updates. Additionally, Microsoft will have already released most of the contents of the update rollup as individual updates and hotfixes. Individual hotfixes that are not included in this update rollup and that are released after Windows 2000 SP4 was released will be available as individual downloads.

Because Microsoft believes that Update Rollup 1 for Windows SP4 will meet the needs of customers better than a new service pack for Windows 2000, Microsoft will not release a Service Pack 5 for Windows 2000. Therefore, Windows 2000 SP4 is the final service pack for Windows 2000. Customers who have not yet deployed Windows 2000 SP4 should consider deploying Windows 2000 SP4 as soon as possible. Windows 2000 with SP4 is a prerequisite for Update Rollup 1 for Windows 2000 SP4.

Frequently asked questions

Q1: Why does Microsoft believe that Update Rollup 1 for Windows 2000 SP4 meets the needs of customers better than a service pack for Windows 2000?
A1: Microsoft talked to many customers about their plans for maintaining their Windows 2000 deployments. The most frequent requests were for Microsoft to make it as easy as possible to keep Windows 2000-based computers up to date from a security perspective, and to reduce the amount of pre-deployment testing that customers have to perform. Update rollups help customers to make their computers more secure. Update rollups also help customers to build new system images without having to apply and to track lots of individual hotfixes. The Update Rollup 1 for Windows 2000 SP4 should require less pre-deployment testing because the number of updates that are included in the update rollup is significantly smaller than the number of updates that are typically included in a service pack. Additionally, Microsoft will have already released most of the contents of Update Rollup 1 for Windows 2000 SP4 as individual updates and hotfixes.

Because Windows 2000 has reached a high level of product maturity, many of the Windows 2000 hotfixes that have been released since Windows 2000 SP4 was released address relatively obscure issues that affect a small number of customers. At this point in the life cycle of Windows 2000, an update rollup provides the maximum utility at the minimum risk of instability.

Q2: How will Microsoft list Update Rollup 1 for Windows SP4 on the Windows Update Web site?
A2: The Update Rollup 1 for Windows SP4 is a high-priority update on the Windows Update Web site. On the Windows Update site, this update rollup will be listed in the “Critical and Service Packs” category. Windows Update will be transitioning Windows 2000 customers to a new version of Windows Update during the next few months. After this transition, Update Rollup 1 for Windows 2000 SP4 will be listed in the “High Priority Updates” category.

Q3: Should I install Update Rollup 1 even if I have kept my Windows 2000 SP4 systems up to date?
A3: Yes. Update Rollup 1 contains additional important fixes in files that have not previously been part of individual security updates, as described in the Knowledge Base Article. In addition, the Update Rollup 1 contains additional enhancements that increase system security, reliability, reduce support costs, and support the current generation of PC hardware. In some cases, the individual binary files released in previous individual security updates may have been updated via individual hotfixes to address minor compatibility issues introduced in those prior security updates that affected individual customers. The latest versions of those files are included in the Update Rollup.

Therefore, even if a system is fully up to date with prior security releases, Windows Update will still detect and apply the Update Rollup. Customers who use managed security update deployment solutions should evaluate the need to deploy Update Rollup 1 within their infrastructure

Q4: Will Update Rollup 1 for Windows 2000 SP4 be distributed over Automatic Updates?
A4: Initially the Update Rollup will not be distributed over Automatic Updates. This is due to the upcoming transition from the Windows Update v4 to the v6 infrastructure during July 2005. Update Rollup is designed to work with Automatic Updates using the v6 infrastructure, not the v4 infrastructure. Once the v6 infrastructure transition is complete, expected in early July 2005, Automatic Updates will be enabled for Update Rollup.

Q5: Will there be an administrative blocking tool for Update Rollup 1 like there was for Windows XP SP2?
A5: No, Update Rollup 1 for Windows 2000 SP4 is not a service pack. Therefore, this update rollup does not require the same level of deployment control. This update rollup is treated like other security or reliability updates, which are normally distributed over Windows Update and via Automatic Updates.

Q6: Do I have to install the individual security bulletin updates before I install Update Rollup 1 for Windows 2000 on new installations of Windows 2000?
A6: No. First install SP4 for Windows 2000, and then install the update rollup. After you install Update Rollup 1 for Windows 2000 SP4, run Windows Update to find and additional updates that were released after April 30, 2005 or that were otherwise not included in Update Rollup 1 for Windows 2000 SP4.

Q7: Will customers be required to deploy Update Rollup 1 for Windows 2000 SP4?
A7: There will be no requirement for customers to deploy Update Rollup 1 for Windows 2000 SP4. Microsoft designed the update rollup to make it easy to keep Windows 2000-based computers up to date with security updates and other important updates. Therefore, when the update rollup is released, we strongly recommend that customers deploy Update Rollup 1 for Windows 2000 SP4 as soon as they can.

Q8: After Update Rollup 1 for Windows SP4 is deployed to a computer that is running Windows 2000 SP4, will the service pack level of Windows 2000 change?
A8: No. The service pack level of the computer remains as Windows 2000 SP4. After you deploy Update Rollup 1 for Windows SP4, the computer will be up to date from a life-cycle policy perspective until the end-of-life date for Windows 2000. The end-of-life date for Windows 2000 will be no sooner than January 1, 2010.

Q9: Is this the first time that Microsoft has produced an update rollup instead of a service pack?
A9: No. Microsoft has produced update rollups before.

For more information about an update rollup that was previously released by Microsoft, visit the following Microsoft Web site: For more information about update rollups that were previously released by Microsoft, click the following article numbers to view the articles in the Microsoft Knowledge Base: Q10: If Update Rollup 1 for Windows 2000 SP4 offers significant benefits over a new service pack, why does Microsoft not always use update rollups? That is, why does Microsoft not use update rollups instead of service packs?
A10: Service packs and update rollups play different, yet complimentary roles. Service packs are good for the delivery of lots of important updates and new features that customers request to have before the next release of a major operating system. Update rollups are good for the delivery of a selected group of updates as an interim release vehicle. Update rollups are used when there is a longer than typical gap between service packs for a particular product. Later in the life cycle of a product, update rollups also are a good mechanism to use to make it easier for customers to keep their computers up to date without requiring customers to deploy all the updates that are available for a product.

Q11: How does Microsoft determine the contents of Update Rollup 1 for Windows 2000 SP4? That is, how does Microsoft decide what are the most popular or important hotfixes to include in the update rollup?
A11: Microsoft examined the number of times that customers have requested and have downloaded individual hotfixes from Microsoft Web sites and from Product Support. Microsoft also evaluates potential operational cost savings that are based on the experiences that Microsoft has in its own Microsoft Windows 2000 data center environment.

Q12: What kinds of updates are included in Update Rollup 1 for Windows 2000 SP4?
A12: The Update Rollup 1 for Windows 2000 SP4 will contain all security-related updates that are produced for Windows 2000 between the release of SP4 and April 30, 2005, when the contents for Update Rollup 1 were locked down for final testing by Microsoft and by external beta & customer sites. The Update Rollup 1 for Windows 2000 SP4 will also contain a small number of important non-security updates. The Update Rollup 1 for Windows 2000 SP4 will contain updates that meet the following criteria:

•	Updates that broadly apply to a variety of customers.
•	Updates that are frequently downloaded by customers.
•	Updates that have the potential to help customers significantly decrease their IT costs. For example, Update Rollup 1 for Windows 2000 SP4 will contain updates that address issues that are time-consuming for support professionals to troubleshoot and fix.
•	Updates that were shipped to lots of new computers by major Windows original equipment manufacturers (OEMs) since Windows 2000 SP4 was released.

Q13: What are the specific updates and hotfixes that are included in Update Rollup 1 for Windows 2000 SP4?
A13: The following table lists all the updates and hotfixes that are included in Update Rollup 1 for Windows 2000 SP4.

Fixes that are included in Update Rollup 1 for Windows 2000 SP4

Update Rollup 1 for Windows 2000 SP4 includes the following post-SP4 fixes:

Security Bulletin	Article title	Article number
MS02-050	Certificate validation flaw might permit identity spoofing	317636
MS03-030	Unchecked Buffer in DirectX Could Enable System Compromise	819696
MS03-022	Vulnerability in ISAPI Extension for Windows Media Services may cause code execution	822343
MS03-025	Flaw in Windows message handling through Utility Manager could enable privilege elevation	822679
MS03-041	Vulnerability in Authenticode Verification Could Allow Remote Code Execution	823182
MS03-023	Buffer overrun in the HTML converter could allow code execution	823559
MS03-026	Buffer Overrun in RPC May Allow Code Execution	823980
MS03-034	Flaw in NetBIOS could lead to information disclosure	824105
MS03-045	Buffer overrun in the ListBox and in the ComboBox Control could allow code execution	824141
MS03-039	A buffer overrun in RPCSS could allow an attacker to run malicious programs	824146
MS03-044	Buffer overrun in Windows Help and Support Center could lead to system compromise	825119
MS03-042	Buffer Overflow in Windows Troubleshooter ActiveX Control Could Allow Code Execution	826232
MS03-043	Buffer overrun in Messenger service could allow code execution	828035
MS03-049	Buffer Overrun in the Workstation Service Could Allow Code Execution	828749
MS03-008	Flaw in Windows Script Engine may allow code to run	814078
MS04-007	An ASN.1 vulnerability could allow code execution	828028
MS04-008	Vulnerability in Windows Media Services could allow a Denial of Service attack	832359
MS04-012	Cumulative Update for Microsoft RPC/DCOM	828741
MS04-006	A vulnerability in the Windows Internet Name Service (WINS) could allow code execution	830352
MS04-011	Security Update for Microsoft Windows	835732
MS04-014	Vulnerability in the Microsoft Jet Database Engine could permit code execution	837001
MS04-016	Vulnerability in DirectPlay could allow denial of service	839643
MS04-024	A vulnerability in the Windows shell could allow remote code execution	839645
MS04-023	Vulnerability in HTML Help could allow code execution	840315
MS04-020	A vulnerability in POSIX could allow code execution	841872
MS04-022	A vulnerability in Task Scheduler could allow code execution	841873
MS04-019	A vulnerability in Utility Manager could allow code execution	842526
MS04-030	Vulnerability in WebDAV XML message handler could lead to a denial of service	824151
MS04-032	Security update for Microsoft Windows	840987
MS04-037	Vulnerability in Windows shell could allow remote code execution	841356
MS04-031	Vulnerability in NetDDE could allow remote code execution	841533
MS04-045	Vulnerability in WINS could allow remote code execution	870763
MS04-043	Vulnerability in HyperTerminal could allow code execution	873339
MS04-044	Vulnerabilities in Windows Kernel and LSASS could allow elevation of privilege	885835
MS04-041	A vulnerability in WordPad could allow code execution	885836
MS05-003	Vulnerability in the Indexing Service could allow remote code execution	871250
MS05-008	Vulnerability in Windows shell could allow remote code execution	890047
MS05-011	Vulnerability in server message block could allow remote code execution	885250
MS05-010	Vulnerability in the License Logging service could allow code execution	885834
MS05-015	Vulnerability in hyperlink object library could allow remote code execution in Windows Server 2003	888113
MS05-001	Vulnerability in HTML Help could allow code execution	890175
MS05-013	Vulnerability in the DHTML editing component ActiveX control could allow code execution	891781
MS05-002	Vulnerability in cursor and icon format handling could allow remote code execution	891711
MS05-012	Vulnerability in OLE and COM could allow remote code execution	873333
MS05-016	Vulnerability in Windows Shell that could allow remote code execution	893086
MS05-019	Vulnerabilities in TCP/IP could allow remote code execution and denial of service	893066
MS05-017	Vulnerability in MSMQ could allow code execution	892944
MS05-018	Vulnerabilities in Windows kernel could allow elevation of privilege and denial of service	890859
MS05-020	Cumulative security update for Internet Explorer	890923
MS03-022	Vulnerability in ISAPI Extension for Windows Media Services may cause code execution	822343
MS05-014	Cumulative security update for Internet Explorer	867282

For more information about the problems that are fixed in Update Rollup 1 for Microsoft Windows 2000 SP4, click the following article number to view the article in the Microsoft Knowledge Base:

Update Rollup 1 for Windows 2000 SP4 TAPI information

Update Rollup 1 for Windows 2000 SP4 changes how Telephony server and client computers communicate using Telephony Application Programming Interface (TAPI).

After you install the Update Rollup 1 for Windows 2000 SP4, Windows 2000 telephony clients only accept encrypted RPC packets from the telephony server. Therefore, the client does not communicate with a telephony server that sends non-encrypted RPC packets. However, this does not apply to TAPI deployments where the client computers are using mailslot instead of RPC for communications with the telephony server or where the telephony server is using mailslot for communications.

By default, Windows 2000 clients use mailslot to communicate with the telephony server. Windows 2000 clients use RPC only when explicitly configured as connection oriented when you use tcmsetup with the -x switch. For example; Where ServerName is the name of the telephony server.

Known issues

For more information about known issues that may occur when you install the Update Rollup 1 for Windows 2000 SP4, click the following article number to view the article in the Microsoft Knowledge Base:

Notes

Update Rollup for Windows 2000 does not contain updates for individual Windows components not included with a clean slipstream install of Windows 2000 SP4. If there are components previously installed or updated on the system, the individual security updates must be downloaded separately from Windows Update.

Examples include the following:

•	MS03-011 - Flaw in Microsoft VM Could Enable System Compromise (KB816093) - The Microsoft VM is not included in SP4 natively. However the VM may be resident on systems which were updated to SP4 from a prior SP or installed by a third party software package.
•	Internet Explorer 6 and Outlook Express 6 – Internet Explorer 5.01 was originally included with Windows 2000. Service Packs for Windows 2000 only service this original version. Microsoft recommends that you install Internet Explorer 6 SP1 and the current cumulative Internet Explorer security updates on Windows 2000 computers for maximum security.