Re: MS01-022 INCLUDED IN SP3?

From: Torgeir Bakken (Torgeir.Bakken-spam@hydro.com)
Date: 08/09/02 

From: Torgeir Bakken <Torgeir.Bakken-spam@hydro.com>
Date: Fri, 09 Aug 2002 04:03:27 +0200

user wrote:

> Security Bulletin MS01-022 states the fix will be included in Windows
> 2000 SP3. I looked at all SP3 documentation and have not found any
> mention of the stated bulletin or Q296441. Has MS01-022 been addressed
> in SP3 or not?

>From http://www.microsoft.com/technet/security/bulletin/ms01-022.asp

<qoute>
How do I know whether I need the patch?

The easiest way is to check the version number of the Provider. Follow these
steps to determine the version number:

1. From the Start menu, select Search, then For Files or Folders
2. In the Search For field, type msdaipp.dll and click the Search Now button
3. If msdaipp.dll is not present on your machine, you are not affected by the
vulnerability and do not need the patch.
4. If msdaipp.dll is present on your machine, right-click on the file in the
search window, then select Properties, then Version. Consult the table below to
determine if you have a version with the vulnerability.

Version Number Status
8.102.1403.0 Affected
8.103.2402.0 Affected
8.103.2519.0 Affected
All other versions Unaffected

</qoute>

Win2k SP2: v8.103.2402.0
Win2k SP3: v8.103.2402.0

Conclusion: It is *not* included in Service Pack 3

> Also, am I correct to assume that Windows 2000 Application Compatibility
> Update v1.7 - March '01 was included in SP3?

I don't know. 

--
torgeir