MSDE - service packs and patches

From: Monterey, Christina (Christina.Monterey@EIA.DOE.GOV)
Date: 08/15/02


Date:         Thu, 15 Aug 2002 17:11:43 -0400
From: "Monterey, Christina" <Christina.Monterey@EIA.DOE.GOV>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

Russ,

If this is not a valid posting for BugTraq, please just let me know.

I am concerned that there are internet web servers out there running un-patched
versions of MSDE. This happens for 2 reasons:
1) you don't think MSDE is vulnerable to SQL attacks.
2) you can't get the service packs and security updates to install, so you leave
MSDE as-is.

More and more Windows database-dependant products require MSDE if you do not have
a SQL server. If your server is a web server and running MSDE you need to install
the service packs and security updates to protect this server. I know I had to
call Microsoft to get help (and BTW, the guy I got at Microsoft Support was
exceptionally helpful). With help, I did get the service packs and security
fixes installed. I am posting this in an attempt to help anyone else having
problems patching MSDE.

(but, maybe I am the only one...if so, Russ, please don't even bother to post
this!)

FYI - my problem was that I did not run the setup file from a command prompt and
specify the numeric install file (.MSI file). I chose to uninstall MSDE and
reinstall it in this way. Then, I ran SQL SP2 from the command prompt and
specified the numeric patch-install file (.MSP). I think it also helps to run the
install of MSDE from a directory on the hard drive (not from a network share or a
CD -- I also did this before the 2nd install). Non-DBAs may want to take the
effort to get familiar with the oslq utility too (runs transact SQL commands).
To run the security update, you need to know the instance name for your MSDE
install. The default instance name is MSSQLSERVER. If you are trying to install
the post-SP2 security rollup for SQL 2000 on MSDE 2000, you probably need to get
the new version of SERVPRIV.EXE from their support office.

If you have an install of MSDE that was customized from a vendor, none of the
info above may apply (sorry, you have to contact the vendor). This is because
vendors can add "merge-modules" to MSDE and these modules can change all the
rules.

hope this helps,
Chris Monterey
EIA



Relevant Pages

  • Re: SBS 2003 and Great Plains problem - NOT SOLVED :(
    ... It doesn't matter if the new instance of MSDE is ... but I now have a new instance of MSDE working and the SBS backup also ... install a new instance the install quit with an error. ... server for the customer before they install it on their server. ...
    (microsoft.public.windows.server.sbs)
  • Re: Wrong MSDE installed
    ... That is the command line to install a new default instance. ... This will upgrade the existing instance but do nothing to get SBS Monitoring and Sharepoint installed. ... They use WMSDE not MSDE. ... those folders are as you say on my SBS 2003 server that has been upgraded to SP1. ...
    (microsoft.public.windows.server.sbs)
  • Re: Wrong MSDE installed
    ... those folders are as you say on my SBS 2003 server that has been ... The setup wizard will not run because of the older version of MSDE. ... If I need to install an MSDE instance I always do it from the ...
    (microsoft.public.windows.server.sbs)
  • Re: Wrong MSDE installed
    ... On a normal SBS install both the MSDE and the WMSDE installation files are installed. ... C:\Program Files\Microsoft SQL Server SP4\WMSDE ... I have installed Backup Exec several times on SBS and it always works with what I assumed was the MSDE that comes with SBS. ...
    (microsoft.public.windows.server.sbs)
  • Re: SBS 2003 and Great Plains problem - NOT SOLVED :(
    ... It doesn't matter if the new instance of MSDE is ... It did before the reboot. ... install a new instance the install quit with an error. ... server for the customer before they install it on their server. ...
    (microsoft.public.windows.server.sbs)