Blogs
Welcome to EMC Consulting Blogs Sign in | Join | Help

Welcome to EMC Consulting Blogs

Claypole's World - The SQL Server Side

Concerning development of bespoke applications and database administration.

SQL Server and Windows Security patch posted

And so the great run comes to an end...

For the full details of this incident please click here. N.B. This also affects Windows. However this is released under a different KB article.

For the SQL 2005 sp2 KB article look at this link http://support.microsoft.com/kb/948108

For SQL 2000 GDR and MSDE 2000 KB article look at this one http://support.microsoft.com/?kbid=948110

If the Windows article is what you are after click here http://support.microsoft.com/?kbid=948109 

The post-sp2 security patch popped up on my radar via my Automatic Updates (I knew there was a reason I looked at the Advanced Custom Settings first)...

Auto Update

It applies to pretty much all versions of SQL 2005 with sp2 installed.  What a dog's breakfast sp2 was. It looks like it takes the build number up to 3233.  However, as I have mentioned this also affects

The situation with windows is also interesting.  The component affected in Windows is MSDE for windows 2000 and 2003 on 32 bit.  However, for those running the WYUKON Windows Internal Database component in Windows 2003 or if you are on the bleeding edge on Windows 2008 then you are also impacted.

Windows 2008 is particularly interesting.  The article states that the "Server Core Installation (...is...) affected. ... This applies...whether or not Windows Server 2008 was installed using the Server Core installation option."

If you'd like to know more about Server Core then here is a link.

There are also some known issues with the installs but these are covered in the link above.

Those links again:

http://support.microsoft.com/kb/948108

http://support.microsoft.com/?kbid=948110

http://support.microsoft.com/?kbid=948109 

It has been a great run for SQL Server and Microsoft on the security side of the equation.  Slammer taught Microsoft an invaluable lesson and it is a testament to the team that ever since that horrific week of callout when we all went patch-tastic there has been a dearth of security based issues especially in the server products.  However, I fear the counter now has to be reset pretty much across the board for Windows and SQL Server.  Let's hope we have to wait as long for the next one.

Cheers, JRJ

Published 10 July 2008 09:33 by James.Rowland-Jones

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS

Comments

 

SQL Server and Windows Security patch posted | Windows 2008 Security said:

PingBack from http://windows2008security.com/security-policy/sql-server-and-windows-security-patch-posted/

July 10, 2008 11:05
 

Claypole's World - The SQL Server Side said:

So as suspected when I installed the new Security patch released by Microsoft for SQL 2005 sp2 that I

July 10, 2008 11:40

Leave a Comment

(required) 
(optional)
(required) 
Submit

About James.Rowland-Jones

James is an Advisory Practice Consultant with EMC Consulting. He works primarily with SQL Server technologies in architecture, development and administration capacities. He also co-ordinates our Internal SQL Server Community.

View James Rowland-Jones's profile on LinkedIn

This Blog

Syndication

News

Locations of visitors to this page

Submit a session for SQLBits IV

EMC2, EMC, and where information lives are registered trademarks of EMC Corporation.
All other trademarks used herein are the property of their respective owners.                  
© Copyright 2009 EMC Corporation. All rights reserved.                                                    
Powered by Community Server (Personal Edition), by Telligent Systems