Windows 2000® Updates

The following is a compilation of updates, add-ons and tools provided by Microsoft to enhance the features and usability of the Windows 2000® Operating System. The links that are noted below in blue in the main body of this page will take you directly to the Microsoft Windows 2000 Update page and to the respective descriptive pages regarding each update, upgrade, add-on or tool. Given that changes occur on a regular basis, we feel that rather than provide you with direct downloads, we will provide you with basic descriptions and then refer you to directly to the appropriate Microsoft web page for the actual download.

IMPORTANT: Updates on this page do not apply to Windows 2000 Datacenter Server. For more information on Windows 2000 Datacenter Server, please visit The Windows 2000 Datacenter Program.

You will find the following on this page: (Click a link!)

Critical Updates:

Microsoft Windows 2000 "Local Security Policy Corruption"
Vulnerability Patch (Denial of Service Attacks)

This vulnerability could allow a malicious user to corrupt parts of a Windows 2000 system’s local security policy, with the effect of disrupting domain membership and trust relationship information. If a workstation or member server were attacked via this vulnerability, it would effectively remove the machine from the domain; if a domain controller were attacked, it could no longer process domain logon requests. Recovering from such an attack would likely require that a known-working configuration be restored from backup.

It would not be necessary to be an authenticated domain member in order to mount an attack via this vulnerability. Any user who could establish a RPC connection with an affected machine and send the proper command sequence to it could exploit the vulnerability. If the malicious user were an intranet user, he could likely attack any machine within the network; if the malicious user were on the Internet, he could likely attack only machines on the network edge that allow RPC connections.

Affected Software Versions:

Note: Microsoft Windows 2000 Datacenter Server is not affected by this vulnerability.

You should read: Microsoft Security Bulletin (MS00-062) to determine how this vulnerability effects you.

Follow this link to download the patch directly from Microsoft.

Follow this link to download the patch from our server.


Security Update, June 6, 2000
This update resolves the "ResetBrowser Frame" and "HostAnnouncement Flooding" security vulnerabilities in Windows 2000 and Windows NT 4.0. Installing this update will prevent a malicious user from denying network users the ability to locate services or other computers on the network. Without this update, the malicious user may also be able to provide inaccurate information to network users.


Windows 2000 Service Pack 1 Archive
Critical and recommended updates that are included in the release of Windows 2000 Service Pack 1 (SP1) have been moved from this catalog to the Windows 2000 SP1 Archive. The archive is not a comprehensive list of all the updates in SP1. To keep your Windows 2000 computer current, Microsoft recommends that you install Windows 2000 SP1.


Security Update, April 17, 2000

This update eliminates the "Malformed TCP/IP Print Request" vulnerability found in the TCP/IP Printing Services for Windows NT 4.0 and Windows 2000 (in Windows 2000, the service is referred to as "Print Services for Unix"). This is an optional service used primarily in mixed Windows NT-Unix environments, and is not installed by default. Installing this update will prevent a malicious user from disrupting printing services on a network that has installed TCP/IP Printing Services. The native Windows NT and Windows 2000 printing service is not affected by this vulnerability.


Security Update, April 14, 2000
This update eliminates the "Virtualized UNC Share" security vulnerability found in Microsoft Internet Information Server (IIS) and some of its related software. Installing this update will prevent the source code of certain types of files to be sent from a Web server to a visiting user's browser. The vulnerability does not enable unauthorized users to change files or take administrative action on the Web server.


Critical Update, March 21, 2000
Windows 2000 Encryption Protection Update. Microsoft has discovered an issue regarding 128-bit versions of Internet Explorer 5.0 customized by the Internet Explorer Administration Kit (IEAK) 5.0. After installing customized Internet Explorer 5.0, users of Windows 2000 will be unable to login. Microsoft has already prepared a protective update to download. Please review your specific situation to determine if you require protection from the scenario described in the Read Me First page. Please accept our apology for any inconvenience resulting from this issue.


Security Update, March 7, 2000
Security Update for Microsoft virtual machine (VM). Download the latest update for the Microsoft VM. Installing this update will resolve the "VM File Reading" security vulnerability in the current Microsoft VM and will upgrade you to the most recent version available.


Critical Update, February 17, 2000
Bring your computer up-to-date with the latest updates for the Windows 2000 operating system.


Recommended Updates:

Windows 2000 High Encryption Pack
The Windows 2000 High Encryption Pack allows you to enhance your system with the highest available encryption level (128-bit).


Windows 2000 Update, "Terminal Services OEM License Server Activation Failure"
This update resolves an issue that occurs only on servers that are obtained through Microsoft Original Equipment Manufacturers (OEMs) or System Builders and are configured with the Terminal Services Licensing service. For these specific servers, the Windows 2000 Terminal Services license server activation does not verify the activation certificate obtained from the Microsoft Clearinghouse. This results in a failure to activate the server as a Terminal Services license server. As a result, Windows 2000 Terminal Services Client Access licenses cannot be installed.


AOL Image Support Update for Windows 2000
This package provides support to display Johnson-Grace compressed images, or .ART files, most commonly used by America Online. If you are an America Online user running Windows 2000, this is a required upgrade.


Windows 2000 Update, "Adobe FrameMaker Cannot Save File as PDF or Print Separations"
Installing this update will resolve an incompatibility between FrameMaker 5.x and PScript5-2000 PostScript drivers. This update allows Adobe FrameMaker to save PDF files and print separations in Windows 2000.

Windows 2000 Update, "Iomega Tools do not Recognize Parallel Port Drives"
This update addresses the "Iomega Tools do not Recognize Parallel Port Drives" issue found in Windows 2000. Installing this update will resolve an incompatibility between Windows 2000 and Iomega software used to access storage devices attached to a parallel port (Zip or Jaz, for example). This update allows Iomega software tools to view parallel port drives with Windows 2000.


Windows 2000 Update, "Incorrect Signature for Xenroll.dll file"
This update addresses the "Incorrect Signature for Xenroll.dll file" issue found in some international language versions of Windows 2000. The Xenroll.dll file is incorrectly signed in the Japanese, German, French, Italian, and Spanish versions of Windows 2000. Client browsers connecting to a Windows 2000 server for certificate enrollment will receive a message stating the file was modified after signing, or that the file is unsigned. Installing this update will provide the correctly signed Xenroll.dll file.


Microsoft Virtual Machine for Internet Explorer 5.5 (Build 3802, released 1/25/01) The Microsoft® virtual machine (Microsoft VM) is designed to run on Microsoft® Windows® 95, Microsoft® Windows® 98, Microsoft® Windows® Millennium Edition (Me), Microsoft® Windows NT® 4.0, and Microsoft® Windows® 2000 or later. For a complete list of updates, view the list of fixes.


Necessary Deployment Tools:

Windows 2000 Readiness Analyzer
The Windows 2000 Readiness Analyzer tool analyzes your system and reports potentially incompatible hardware devices and software applications. The tool compares the devices and applications on your system against a list of known issues. Although this check also occurs during Windows 2000 Setup, you can download and run the tool before installing Windows 2000 to help ensure your installation will succeed.


Windows 2000 Readiness Analyzer - Disk Image Version
This Disk Image Version allows you to run the Readiness Analyzer on computers that are not on the Internet or your network. Using two floppy disks, you can download the tool using a computer connected to the Internet. Then run the tool on offline computers that you want analyzed before installing Windows 2000 to help ensure your installation will succeed.


Windows 2000 Compatibility Updates
Windows 2000 was specifically developed to enable users to easily add additional application support after the product had shipped for general release. The February 2000 package is the first release of such additional application support and includes software compatibility updates for Windows 2000. During product compatibility testing prior to release, Microsoft focused on the top volume business applications (thousands of applications run out-of-the-box). With that testing complete, we are now broadening our original focus and have addressed some minor compatibility issues with a few of the more popular home/entertainment/gaming applications.


Windows 2000 Active Directory Migration Tool
The Active Directory Migration Tool provides an easy, secure, and fast way to migrate to Windows 2000 Active Directory service. As a system administrator, you can use this tool to diagnose any possible problems before starting migration operations to Windows 2000 Server Active Directory.


Windows 2000 System Preparation Tool, Version 1.1
The Windows 2000 System Preparation Tool (Sysprep) Version 1.1 enables administrators to prepare Windows 2000 System Images as part of an automated deployment. Sysprep 1.1 is an update to Sysprep 1.0 and adds the ability to reduce the number of images required in a deployment by supporting multiple mass storage controllers.


Windows 2000 Active Directory Sizer Tool
The Active Directory Sizer tool allows you to estimate the hardware required for deploying Active Directory in your organization. The estimate provided is based on your organization's profile, domain information and site topology.


Windows 2000 Evaluation Upgrade Utility
Download this utility if you have installed the Windows 2000 Evaluation Edition and want to upgrade it to full code using the Windows 2000 Upgrade CD. To successfully complete the upgrade, you will need to have a valid qualifying Windows CD such as Windows 98 or Windows NT 4.0. If you are trying to upgrade using the Standard (non-upgrade) Windows 2000 CD, you do not need this download. You can successfully upgrade the Evaluation Edition with a Standard Windows 2000 CD.


Other Useful Downloads:

Windows 2000 Help Files
Download your choice of Help files for Windows 2000 Professional, Windows 2000 Server, or Windows 2000 Advanced Server. You can install the Help files you need, regardless of which Windows 2000 platform you have on your computer.


Windows 2000 Customer Support Diagnostics
The Microsoft Windows 2000 Customer Support Diagnostics package consists of important tools and data for diagnosing your Windows 2000 system.


Windows 2000 Resource Kit Tools
Microsoft Windows 2000 Resource Kit software tools can help you streamline administrative tasks such as managing Active Directory™, administering security features, working with Group Policy and Terminal Services, automating application deployment, and other important jobs.

Last updated August 28, 2000

Copyright ©2000 DEW Associates Corporation. All rights reserved.
Your privacy will be respected at all times.
Year 2000 Readiness Disclosure.