Skip navigation

What's Not in MS01-044

I recently ran the Microsoft Network Security Hotfix Checker (hfnetchk.exe) tool on my IIS 5.0 server, which I had patched with Windows 2000 Service Pack 2 (SP2) and MS01-044 (15 August 2001 Cumulative Patch for IIS). Hfnetchk reported that MS01-025 (Index Server Search Function Contains Unchecked Buffer) wasn't installed. This hotfix appears with IIS hotfixes on the Microsoft Security Bulletin Search Web page ( MS01-044 says it includes all IIS hotfixes, so what's the problem?

I answered a similar question last month, so refer to my December 2001 column for a more detailed answer. It's worth noting, however, that if you read the Caveats information under the "Additional Information About this Patch" section of MS01-044's documentation, it states that MS01-044 doesn't include these hotfixes:

  • MS01-043 (NNTP Service Contains Memory Leak)
  • MS01-025
  • MS00-084 (Patch Available for "Indexing Services Cross Site Scripting" Vulnerability)
  • MS00-006 (Patch Available for "Malformed Hit-Highlighting Argument" Vulnerability)

Consequently, Hfnetchk is correct; MS01-025, which is an important hotfix, is missing. (You can download Hfnetchk from 15.asp.)

TAGS: Security
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.