Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Question Re Patch for Bulletin MS02-039

Status
Not open for further replies.
SheetsERR

SheetsERR

MIS
Nov 13, 2001
66
0
0
US
How does one go about verifying that the patch (hotfix Q323875_SQL2000_SP2_en.EXE) for the Buffer Overrun issue in MS02-039 was successfully applied? My client was running on build .578. When he runs a SELECT @@VERSION now, the identical build is returned. Does he have to check individual files for version #'s or dates?

Thanks so much!
Sheetserr
 
Sort by date Sort by votes
OOPPSS! had a typo

8.00.578 is 2000 SP2 + Q317979

-SQLBill
 
Upvote 0 Downvote
Thanks for your help, SQLBill!

Just had my client re-apply the hotfix from Bulletin MS02-039. Per the chart, @@VERSION should reflect 8.00.655. It does not. In fact, it's still showing 8.00.578. Now, I checked out the current log and found....
"Using 'SSNETLIB.DLL' version '8.00.636'"

What's your take on this?

Thanks,
Sheetserr
 
Upvote 0 Downvote
Install the patch available from MS02-061 rather than MS02-039. It is easier to apply because it is now packaged with an installer.

Microsoft Security Bulletin MS02-061

Download link:
Terry L. Broadbent - DBA
SQL Server Page:
If you want to get the best answer for your question read faq183-874.
 
Upvote 0 Downvote
Terry,

You're right! It sure beats the old copy/paste and stop/start of other hotfixes. I installed that patch on our group's test server.

Problem is, our DBA group and systems folks haven't officially tested the cumulative patch from MS02-061 yet. I don't think I have the authority to tell our client to use that patch.

Take care!
Sheetserr
 
Upvote 0 Downvote
I guess you have to measure the risk. Is the risk of virus infection greater or less than the risk of installing the security patch? In most situations, getting a virus into the system will cause more problems or damage than installing a secuity patch. We have an established policy of applying security patches as soon as possible. I realize, however, that each site and situation is different. Terry L. Broadbent - DBA
SQL Server Page:
If you want to get the best answer for your question read faq183-874.
 
Upvote 0 Downvote
Terry,

Thanks for your responses. I agree with you.

I got an update from our Sr DBA. Apparently, there's a reason the build number isn't updated in SQL Server after running the hotfix for MS02-039. This particular hotfix doesn't require replacement of the executable, only ssnetlib.dll and ssnetlib.pdb (if it exists).

Sheetserr
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Andrzejek
  • Question
SSMS question 1
Replies
4
Views
476
Sana Shazadi
S
Andrzejek
  • Locked
  • Question
Field types question
Replies
9
Views
98
Chris Miller
Chris Miller
ahmedsa2018
  • Locked
  • Question
the goal mfrom asking question is t
Replies
0
Views
50
ahmedsa2018
ahmedsa2018
Andrzejek
  • Locked
  • Question
Management Studio behavior question 1
Replies
3
Views
80
MarkSweetland
MarkSweetland
V
  • Question
xp_cmdshell vs psexec - this SQL server forgets credential to an W10 share
Replies
0
Views
200
Volvere
V

Part and Inventory Search

Sponsor

Back
Top