SQL 2000 SP3 doesn't apply older fixes in SP1
From: Tom Steger (tsteger@jato.com)
Date: 01/31/03
- Next message: Marcel: "Re: MSQL Server and Slammer"
- Previous message: Bernardo Unzueta: "Override DTS Local Packages password"
- Next in thread: SQL Server Development Team [MSFT]: "Re: SQL 2000 SP3 doesn't apply older fixes in SP1"
- Reply: SQL Server Development Team [MSFT]: "Re: SQL 2000 SP3 doesn't apply older fixes in SP1"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Tom Steger" <tsteger@jato.com> Date: Fri, 31 Jan 2003 11:03:54 -0800
After installing SQL 2000 SP3 on a cleanly installed SQL
2000 Standard (no SP) box, and then running the MBSA 1.1
get this output about SQL Server:
*******************************************************
Instance (default): 5 security updates are missing, are
out of date, or could not be confirmed.
Result Details
SQL Server Security Updates
Security updates confirmed as missing are marked with a
red X
Score Security Update Description Reason
MS00-092 Extended Stored Procedure Parameter Parsing
Vulnerability File g:\MSSQL2000\MSSQL\Binn\ODSOLE70.dll
has a file version [2000.80.194.0] that is less than what
is expected [2000.80.223.0].
MS01-032 SQL Query Method Enables Cached Administrator
Connection to be Reused File g:\MSSQL2000
\MSSQL\Binn\SQLSERVR.exe has a file version
[2000.80.194.0] that is less than what is expected
[2000.80.296.0].
MS01-041 Malformed RPC Request Can Cause Service Failure
File g:\MSSQL2000\MSSQL\Binn\SSmsRP70.dll has a file
version [2000.80.194.0] that is less than what is expected
[2000.80.213.0].
Security updates that are out of date are marked with a
yellow X
Score Security Update Description Reason
The latest service pack for this product is not
installed. The latest service pack for this product is not
installed. Currently SQL Server 2000 Gold is installed.
The latest service pack is SQL Server 2000 SP3.
Security updates that the tool cannot confirm as installed
on the scanned computer are marked with a blue asterisk
Score Security Update Description Reason
MS02-035 SQL Server Installation Process May Leave
Passwords on System (Q263968) Please refer to Q306460 for
a detailed explanation.
*******************************************************
It appears that Service Pack 3 is breaking some SP1 fixes
for SQL.
Please advise.
- Next message: Marcel: "Re: MSQL Server and Slammer"
- Previous message: Bernardo Unzueta: "Override DTS Local Packages password"
- Next in thread: SQL Server Development Team [MSFT]: "Re: SQL 2000 SP3 doesn't apply older fixes in SP1"
- Reply: SQL Server Development Team [MSFT]: "Re: SQL 2000 SP3 doesn't apply older fixes in SP1"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
