More:
Problems that are fixed in the Update Rollup 1 for Microsoft Windows 2000
Service Pack 4 that is dated June 28, 2005:
http://support.microsoft.com/?kbid=900345
--
~PA Bear
PA Bear wrote:
> Read the KB article: http://support.microsoft.com/?id=891861 It lists all
> the updates included in the Rollup; they include two (2) Cumulative
> Security Updates for IE5.01 in Win2K SP4, MS05-014 and MS05-020. [But if
> they're *cumulative* updates, why both?]
>
> <QP>
> Q3: Should I install Update Rollup 1 even if I have kept my Windows 2000
> SP4 systems up to date?
>
> A3: Yes. Update Rollup 1 contains additional important fixes in files that
> have not previously been part of individual security updates, as described
> in the Knowledge Base Article. In addition, the Update Rollup 1 contains
> additional enhancements that increase system security, reliability, reduce
> support costs, and support the current generation of PC hardware. In some
> cases, the individual binary files released in previous individual
> security updates may have been updated via individual hotfixes to address
> minor compatibility issues introduced in those prior security updates that
> affected individual customers. The latest versions of those files are
> included in the Update Rollup.
>
> Therefore, even if a system is fully up to date with prior security
> releases, Windows Update will still detect and apply the Update Rollup.
> Customers who use managed security update deployment solutions should
> evaluate the need to deploy Update Rollup 1 within their infrastructure
> </QP>
>
> The Rollup does not update IE or OE:
>
> <QP>
> Update Rollup for Windows 2000 does not contain updates for individual
> Windows components not included with a clean slipstream install of Windows
> 2000 SP4. If there are components previously installed or updated on the
> system, the individual security updates must be downloaded separately from
> Windows Update.
>
> Examples include the following:
>
> . MS03-011 - Flaw in Microsoft VM Could Enable System Compromise
> (KB816093) - The Microsoft VM is not included in SP4 natively. However the
> VM may be resident on systems which were updated to SP4 from a prior SP or
> installed by a third party software package.
>
> . Internet Explorer 6 and Outlook Express 6 - Internet Explorer 5.01 was
> originally included with Windows 2000. Service Packs for Windows 2000 only
> service this original version. Microsoft recommends that you install
> Internet Explorer 6 SP1 and the current cumulative Internet Explorer
> security updates on Windows 2000 computers for maximum security.
> </QP>
>
> Nate Goulet wrote:
> > On Wed, 20 Jul 2005 15:30:26 -0400, "PA Bear" <>
> > wrote:
> >
> > > Is Windows Update offering you 891861? Is Win2K SP3 or SP4 installed?
> > >
> > > Cumulative Security Updates for Internet Explorer address
> > > vulnerabilities in Windows, too. I suggest you keep up-to-date on
> > > these.
> >
> > It's a Windows 2000 Server with SP4 installed.
> >
> > Windows update is offering KB891861. Does that update include IE6 if
> > it isn't installed? (would prefer not to do that).
> >
> > I've spoken to many other consultants both in the forums & in person
> > about if I really need to install IE6 on the server to keep it free
> > from vulerabilities.
> >
> > The vast majority of people i've discussed it with agreed that if we
> > are not surfing the web on the server, then we are fine keeping IE5
> > with it's associated critical updates and leaving IE6 off the server.
> >
> > Are you saying you disagree? If so, i'm not saying your wrong either.
> > Even those i've talked with that are Microsoft certified engineers
> > agreed that Windows will be safe on the server without IE6 as long as
> > the only thing IE5 is used for is doing Windows updates. I know
> > Microsoft always likes to promote their newest stuff, but that doesn't
> > automatically mean IE6 is required just to keep Windows secure.
> >
> > I'd like to hear any comments anyone has to share on this.
> >
> > The way I look at it, we only have one server currently and 30 - 50
> > people depending on it. Just installing a Windows update could
> > potential cause a problem, and if we had IE6 on there, new updates
> > would need to be installed constantly. I'm keeping my fingers crossed
> > every time I run a Windows update. The other issue is we don't have a
> > lot of free space on the C partion, and installing IE6 might chew up
> > more space than we can afford on C. We have plenty of space on other
> > drives. Our specialist had partioned C to only have 4 Gigs.
> > Changing that with Partion Magic sounds risky.
> >
> > The main thing is I want to make certain the server is reasonably
> > protected.
Similar Threads
Linear Mode
