One of the problem with Service Packs and Patches is that you never know if the next piece of software, or the next patch will overwrite a patched file and undo the repair you put in.

It used to be our standard procedure on NT4 to reapply SP6a after installing just about any piece of software.

Lately, I am seeing some systems that have been LONG patched against the Unchecked Buffer in Index Server ISAPI Extension Could Enable Web Server Compromise flaw (MS01-033) being infected with this new CodeRed.F worm.

MS01-033 was one of the main vulnerabilities exploited by CodeRed. It has been superceded a few times with cumulative patches and it is listed in the Windows 2000 SP3 list of things fixed.

Is anyone aware of any specific post-SP3 patch or hotfix on Windows 2000 that would undo this patch or somehow make a seemingly patched system vulnerable to CodeRed.F again?