Patches for Windows 2000 security hole

The company this week released the security patch for two problems affecting the Microsoft Index Server, a file search engine included with Windows 2000, as well as Windows NT and Internet Information Server. Windows 2000 is the company_s new corporate operating system, designed to run computers for large companies, Web sites and e-commerce services. Although the function affected by the glitch is not specific to Windows 2000, the vulnerability is somewhat embarrassing for Microsoft, given its recent struggles with security issues, its promotion of Windows 2000 as the most secure and reliable operating system to date, and the fact that the product has not yet even been officially released. Taken together, the security problems would allow a malicious user to learn where administrative files are stored on a Web server, then view and read the files, a Microsoft representative said. The bugs do not allow anyone to actually modify or gain access to the files themselves. Although it ranks low on the severity scale, the problem does raise questions as to whether Microsoft has over hyped the stability of the new operating system and its own internal bug-testing operation. Microsoft has called Windows 2000 the most heavily tested software release in the company_s history.