Cumulative Patch for Microsoft SQL Server: July 24

Q: Cumulative Patch for Microsoft SQL Server: July 24

Hiya

This is a cumulative patch that includes the functionality of all
previously released patches for SQL Server 7.0, SQL Server 2000, MSDE
1.0, and MSDE 2000. In addition, it eliminates three newly discovered
vulnerabilities.

- Named Pipe Hijacking -
Upon system startup, SQL Server creates and listens on a specific
named pipe for incoming connections to the server. A named pipe is a
specifically named one-way or two-way channel for communication
between a pipe server and one or more pipe clients. The named pipe is
checked for verification of which connection attempts can log on to
the system running SQL Server to execute queries against data that is
stored on the server.

A flaw exists in the checking method for the named pipe that could
allow an attacker local to the system running SQL Server to hijack
(gain control of) the named pipe during another client's
authenticated logon password. This would allow the attacker to gain
control of the named pipe at the same permission level as the user
who is attempting to connect. If the user who is attempting to
connect remotely has a higher level of permissions than the attacker,
the attacker will assume those rights when the named pipe is
compromised.

- Named Pipe Denial of Service -
In the same named pipes scenario that is mentioned in the "Named Pipe
Hijacking" section of this bulletin, it is possible for an
unauthenticated user who is local to the intranet to send a very
large packet to a specific named pipe on which the system running SQL
Server is listening and cause it to become unresponsive.

This vulnerability would not allow an attacker to run arbitrary code
or elevate their permissions, but it may still be possible for a
denial of service condition to exist that would require that the
server be restarted to restore functionality.

- SQL Server Buffer Overrun -
A flaw exists in a specific Windows function that may allow an
authenticated user - with direct access to log on to the system running
SQL Server - the ability to create a specially crafted packet that, when
sent to the listening local procedure call (LPC) port of the system,
could cause a buffer overrun.
If successfully exploited, this could allow a user with limited
permissions on the system to elevate their permissions to the level
of the SQL Server service account, or cause arbitrary code to run.

Maximum Severity Rating: Important

Affected Software:

Microsoft SQL Server 7.0
Microsoft Data Engine (MSDE) 1.0
Microsoft SQL Server 2000
Microsoft SQL Server 2000 Desktop Engine (MSDE 2000)
Microsoft SQL Server 2000 Desktop Engine (Windows
Download locations for this patch

Microsoft SQL Server 7.0

Microsoft SQL 2000 32-bit Edition

Microsoft SQL 2000 64-bit Edition

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-031.asp

Regards

eddie

Read other answers
RELEVANCY SCORE 120.4

Hiya

This is a cumulative patch that includes the functionality of all
previously released patches for SQL Server 2000. In addition, it
eliminates three newly discovered vulnerabilities affecting SQL
Server 2000 and MSDE 2000 (but not any previous versions of SQL
Server or MSDE):

- A buffer overrun vulnerability in a procedure used to encrypt SQL
Server credential information. An attacker who was able to
successfully exploit this vulnerability could gain significant
control over the database and possibly the server itself depending
on the account SQL server runs as.
- A buffer overrun vulnerability in a procedure that relates to the
bulk inserting of data in SQL Server tables. An attacker who was
able to successfully exploit this vulnerability could gain
significant control over the database and possibly the server
itself.
- A privilege elevation vulnerability that results because of
incorrect permissions on the Registry key that stores the SQL Server
service account information. An attacker who was able to
successfully exploit this vulnerability could gain greater privileges on
the system than had been granted by the system administrator --
potentially even the same rights as the operating system.

Maximum Severity Rating: Moderate

Affected Software:

Microsoft SQL Server 2000 all editions.
Microsoft SQL Server Desktop Engine (MSDE) 2000

Download locations for this patch

Microsoft SQL Server 2000:
http://support.microsoft.com/support/mis... Read more

Read other answers
RELEVANCY SCORE 102.4

Hiya

Issue:
======
Microsoft Content Management Server (MCMS) 2001 is an Enterprise
Server product that simplifies developing and managing E-Commerce
web sites. MCMS includes a number of pre-defined ASP web pages that
allow web site operators to quickly set up E-business websites.

A Cross-Site Scripting flaw exists in one of these ASP pages that
could allow an attacker to insert script into the data being sent
to a MCMS server. Because the server generates a web page in
response to a user request made using this page, it is possible that
the script could be embedded within the page that CMS generates and
returns to the user; this script would then run when processed by
the user's browser. This could result in an attacker being able to
access information the user shared with the legitimate site.

An attacker might attempt to exploit this flaw by crafting a
malicious link to a valid site that the user intended to visit.
If the attacker were able to get a user to click the link - most
likely by sending the link in an email - then it could be possible
for the attacker to take a variety of actions. The attacker could
alter the data that appeared to be contained on the web pages
presented by the legitimate site, monitor the user's session with
the legitimate site and copy personal data from the legitimate site
to a site under the attacker's control, or access the legitimate
site's cookies.

Mitigating Factors:
====================
- This flaw is not present in Mic... Read more

Read other answers
RELEVANCY SCORE 96

Update to the WMP patch of June 26, 2002. angelize56

Who should read this bulletin:

Customers using Microsoft® Windows Media™ Player 6.4, 7.1 or Windows Media Player for Windows XP.

Impact of vulnerability: Three vulnerabilities, first reported on June 26 2002, the most serious of which could be used to run code of attacker's choice.

Maximum Severity Rating: Critical

Recommendation: Customers running affected products should apply the patch immediately. Customers who are still running Windows Media Player 7.0 should upgrade to Windows Media Player 7.1 first and then apply the patch immediately.

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-032.asp
 

Read other answers
RELEVANCY SCORE 86.4

Hiya

This is a cumulative patch that includes the functionality of all
previously released patches for SQL Server 7.0, SQL Server 2000, and
Microsoft Data Engine (MSDE) 1.0, Microsoft Desktop Engine (MSDE)
2000. In addition, it eliminates four newly discovered
vulnerabilities.
* A buffer overrun in a section of code in SQL Server 2000
(and MSDE 2000) associated with user authentication. By
sending a specially malformed login request to an affected
server, an attacker could either cause the server to fail or
gain the ability to overwrite memory on the server, thereby
potentially running code on the server in the security context
of the SQL Server service. It would not be necessary for the
user to successfully authenticate to the server or to be able
to issue direct commands to it in order to exploit the
vulnerability.
* A buffer overrun vulnerability that occurs in one of the
Database Console Commands (DBCCs) that ship as part of SQL
Server 7.0 and 2000. In the most serious case, exploiting
this vulnerability would enable an attacker to run code in
the context of the SQL Server service, thereby giving the
attacker complete control over all databases on the server.
* A vulnerability associated with scheduled jobs in SQL Server
7.0 and 2000. SQL Server allows unprivileged users to create
scheduled jobs that will be executed by the SQL Server Agent.
By design, the SQL Server Agent should only perform job
steps that are appropriate for the requesting user... Read more

Read other answers
RELEVANCY SCORE 86.4

Hiya

This is a cumulative patch that includes the functionality of all
previously released patches for SQL Server 7.0 and SQL Server 2000.
In addition, it eliminates a newly discovered vulnerability.

SQL Server 7.0 and SQL Server 2000 provide for extended stored
procedures, which are external routines written in programming
languages such as C or C#.

These procedures appear as normal stored procedures to users and can
be invoked and executed just like normal stored procedures. By
default, SQL Server 7.0 and SQL Server 2000 ship with a number of
extended stored procedures which are used for various helper
functions.

Some of the Microsoft-provided extended stored procedures that have
the ability to reconnect to the database as the SQL Server service
account have a flaw in common - namely, they have weak permissions
that can allow nonprivileged users to execute them. Because these
extended stored procedures can be made to run with administrator
privileges on the database, it is thus possible for a nonprivileged
user to run stored procedures on the database with administrator
privileges.

An attacker could exploit this vulnerability in one of two ways. The
attacker could attempt to load and execute a database query that
calls one of the affected extended stored procedures. Alternately,
if a web-site or other database front-end were configured to access
and process arbitrary queries, it could be possible for the attacker
to provide inputs that would cause the quer... Read more

Read other answers
RELEVANCY SCORE 85.6

Hiya

Microsoft BizTalk Server is an Enterprise Integration product
that allows organizations to integrate applications, trading
partners, and business processes. BizTalk is used in intranet
environments to transfer business documents between different
back-end systems as well as extranet environments to exchange
structured messages with trading partners. This patch addresses
two newly reported vulnerabilities in BizTalk Server.

The first vulnerability affects Microsoft BizTalk Server 2002
only. BizTalk Server 2002 provides the ability to exchange
documents using the HTTP format. A buffer overrun exists in the
component used to receive HTTP documents - the HTTP receiver -
and could result in an attacker being able to execute code of
their choice on the BizTalk Server.

The second vulnerability affects both Microsoft BizTalk Server
2000 and BizTalk Server 2002. BizTalk Server provides the ability
for administrators to manage documents via a Document Tracking
and Administration (DTA) web interface. A SQL injection
vulnerability exists in some of the pages used by DTA that could
allow an attacker to send a crafted URL query string to a
legitimate DTA user. If that user were to then navigate to the
URL sent by the attacker, he or she could execute a malicious
embedded SQL statement in the query string.

Maximum Severity Rating: Important
Affected Software:

Microsoft BizTalk Server 2000
Microsoft BizTalk Server 2002

Download locations for this patch

... Read more

Read other answers
RELEVANCY SCORE 73.2

Hiya

The Internet Mail Connector (IMC) enables Microsoft Exchange Server
to communicate with other mail servers via SMTP. When the IMC
receives an SMTP extended Hello (EHLO) protocol command from a
connecting SMTP server, it responds by sending a status reply that
starts with the following:
250-<Exchange server ID>Hello<Connecting server ID>

Where:
<Exchange server ID> is the fully-qualified domain name (FQDN) of
the Exchange server.
<Connecting server ID> is either the FQDN or the IP address of the
server that initiated the connection.

The FQDN would be used if the Exchange 5.5 IMC is able to resolve
this information through a reverse DNS lookup; the IP address
would be used if a reverse DNS lookup was not possible or failed
to resolve the connecting server's IP address.

A security vulnerability results because of an unchecked buffer
in the IMC code that generates the response to the EHLO protocol
command. If the total length of the message exceeds a particular
value, the data would overrun the buffer. If the buffer were
overrun with random data, it would result in the failure of the
IMC. If, however, the buffer were overrun with carefully chosen
data, it could be possible for the attacker to run code in the
security context of the IMC, which runs as Exchange 5.5 Service
Account.

It is important to note that the attacker could not simply send
data to the IMC in order to overrun the buffer. Instead, the
attacker would need to create a set of condi... Read more

Read other answers
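An added example, not part of the original post and not Microsoft's code: a bounded way to build the EHLO status reply described above, shown beside the unchecked formatting pattern the bulletin describes. The function names, the 128-byte buffer size, the spaces around "Hello" and the sample host names are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define REPLY_MAX 128     /* assumed buffer size; the bulletin gives no value */
#define DNS_NAME_MAX 253  /* longest textual DNS name */

/* Unchecked pattern of the kind the bulletin describes: the reply is
 * formatted into a fixed buffer with no length check, so a long
 * reverse-DNS result writes past the end of the buffer.
 * Shown for contrast only; nothing in this example calls it. */
void build_reply_unchecked(char *reply, const char *server_id,
                           const char *peer_id)
{
    sprintf(reply, "250-%s Hello %s\r\n", server_id, peer_id);
}

/* Accept only identifiers that look like a host name or an IPv4 literal:
 * non-empty, at most DNS_NAME_MAX characters, letters, digits, '.' and '-'. */
static int id_is_sane(const char *id)
{
    size_t i, len;

    if (id == NULL)
        return 0;
    len = strlen(id);
    if (len == 0 || len > DNS_NAME_MAX)
        return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)id[i];
        if (!isalnum(c) && c != '.' && c != '-')
            return 0;
    }
    return 1;
}

/* Bounded version. resolved_name is the reverse-DNS result (NULL if the
 * lookup failed); peer_ip is the address the connection came from.
 * A name that is malformed or does not fit is treated like a failed
 * lookup and the IP address is used instead.
 * Returns the reply length, or -1 with an empty reply if nothing fits. */
int build_reply_checked(char *reply, size_t reply_size,
                        const char *server_id,
                        const char *resolved_name, const char *peer_ip)
{
    const char *peer;
    int n;

    if (reply == NULL || reply_size == 0)
        return -1;
    reply[0] = '\0';
    if (!id_is_sane(server_id) || !id_is_sane(peer_ip))
        return -1;

    peer = id_is_sane(resolved_name) ? resolved_name : peer_ip;

    /* snprintf never writes more than reply_size bytes and reports the
     * length it needed, so truncation is detectable. */
    n = snprintf(reply, reply_size, "250-%s Hello %s\r\n", server_id, peer);
    if (n >= 0 && (size_t)n < reply_size)
        return n;

    /* The resolved name was too long for the buffer: fall back to the IP. */
    n = snprintf(reply, reply_size, "250-%s Hello %s\r\n", server_id, peer_ip);
    if (n >= 0 && (size_t)n < reply_size)
        return n;

    reply[0] = '\0';
    return -1;
}

int main(void)
{
    char reply[REPLY_MAX];
    char long_name[201];

    /* Constructed inputs: a normal name and a 200-character name. */
    memset(long_name, 'a', sizeof long_name - 1);
    long_name[sizeof long_name - 1] = '\0';

    build_reply_checked(reply, sizeof reply, "mail.example.test",
                        "relay.example.net", "192.0.2.10");
    printf("normal name: %s", reply);

    build_reply_checked(reply, sizeof reply, "mail.example.test",
                        long_name, "192.0.2.10");
    printf("long name:   %s", reply);
    return 0;
}
```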
RELEVANCY SCORE 70.4

We deployed June 2017 IE Cumulative KB4021558 to our endpoints and had users run into the iFrame printing issue. We then deployed KB4032782 to resolve the printing issue on endpoints. KB4032782 removes 1 fix from KB4021558 that fixes the iFrame printing issue.
The question is: does the July 2017 IE Cumulative update KB4025252 include the fix that was removed by KB4021558?

Read other answers
RELEVANCY SCORE 70.4

If you're running version 10.0.10586.420, the cumulative update today will update it to version 10.0.10586.494


It'll also update Internet Explorer to version 11.0.33 and Windows Defender to version 4.9.10586.494


I haven't had a chance yet to determine what other changes were made.

-------------------------------------------------------------
 

A:Windows 10 Cumulative Update (July 12th)

Read other 7 answers
RELEVANCY SCORE 68

Hi Gents,
I have rolled out IE KB update KB4025252 and, after the update, a few users are not able to access SharePoint 2010 links. Users are able to view the SharePoint home page but not able to access links. IE keeps crashing with "Internet Explorer has stopped working".
I was able to resolve the issue by removing the above KB and rebooting.
My question is: I have 2000+ users to run the rollout job for, and it will be helpful if there is any fix update released by Microsoft.

Thank you and regards,
Darshana



Read other answers
RELEVANCY SCORE 66

For those who don't know a security patch for IE became available today. Take care! angelize56

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-023.asp
 

A:{New Cumulative} Security Patch for IE

Read other 16 answers
RELEVANCY SCORE 66

Over the past seven days I've been receiving mail I assume is from Microsoft mainly titled 'May 2003, Cumulative Patch'. When I tried to open the attachments I got the 'Authenticode Signature Not Found' message so I did nothing. These were followed by a series of other mails titled Re; Your Application, Yours Details, Re: Approved etc, all meaning nothing to me, yesterday I had another mail again about the 'May 2003 Patch' this time with the name Wendy in the sender box, titled FWD, See These Security Patch From Microsoft. I'm starting to get worried.
The only other information I can add are the following Q226691.exe and update183.exe were both mentioned.

Best regards....Mike
 

A:'May 2003, Cumulative Patch'

Sorry, but Micro$oft are HIGHLY unlikely to be sending you any e-mails of this nature.

Sounds more like the Palyh virus to me.

http://www.microsoft.com/security/virus_alerts/palyh.asp
http://www.snopes.com/computer/virus/palyh.asp

Update your av signature, or if you haven't got AV, go to Housecall and do an online scan
 

Read other 1 answers
RELEVANCY SCORE 65.2

Hiya

This is a cumulative patch that includes the functionality of all
previously released patches for IE 5.01, 5.5 and 6.0. In addition,
it eliminates the following six newly discovered vulnerabilities:
- A buffer overrun vulnerability that occurs because Internet
Explorer does not correctly check the parameters of a PNG graphics
file when it is opened. To the best of Microsoft's knowledge, this
vulnerability could only be used to cause Internet Explorer to
fail. The effect of exploiting the vulnerability against Internet
Explorer would be relatively minor - the user would only need to
restart the browser to restore normal operation. However, a number
of other Microsoft products - notably, most Microsoft Office
products and Microsoft Index Server - rely on Internet Explorer to
render PNG files, and exploiting the vulnerability against such an
application would cause them to fail as well. Because of this,
Microsoft recommends that customers install this patch regardless
of whether they are using Internet Explorer as their primary web
browser.

- An information disclosure vulnerability related to the way that
Internet Explorer handles encoded characters in a URL. This
vulnerability could allow an attacker to craft a URL containing
some encoded characters that would redirect a user to a second web
site. If a user followed the URL, the attacker would be able to
piggy-back the user's access to the second website. This could
allow the attack... Read more

Read other answers
RELEVANCY SCORE 64.8

Hiya

Windows NT 4.0 Terminal Services Edition Security Patch: Kernel Mode Memory Leak Caused by Invalid TCP Checksums

This patch resolves a memory leak in one of the functions that processes incoming Remote Data Protocol via port 3389.

http://www.microsoft.com/Downloads/release.asp?ReleaseID=31615

Regards

eddie
 

Read other answers
RELEVANCY SCORE 64.8

Hiya

This patch is a cumulative patch that includes the functionality of
all security patches released for IIS 4.0 since Windows NT 4.0
Service Pack 6a, and all security patches released to date for
IIS 5.0 and 5.1. A complete listing of the patches superseded by
this patch is provided below, in the section titled "Additional
information about this patch". Before applying the patch, system
administrators should take note of the caveats discussed in the
same section.

In addition to including previously released security patches, this
patch also includes fixes for the following newly discovered
security vulnerabilities affecting IIS 4.0, 5.0 and/or 5.1:
- A privilege elevation vulnerability affecting the way ISAPIs
are launched when an IIS 4.0, 5.0 or 5.1 server is configured
to run them out of process. By design, the hosting process
(dllhost.exe) should run only in the security context of the
IWAM_computername account; however, it can actually be made to
acquire LocalSystem privileges under certain circumstances,
thereby enabling an ISAPI to do likewise.
- A denial of service vulnerability that results because of a flaw
in the way IIS 5.0 and 5.1 allocate memory for WebDAV requests.
If a WebDAV request were malformed in a particular way, IIS would
allocate an extremely large amount of memory on the server. By
sending several such requests, an attacker could cause the server
to fail.
- A vulnerability involving the operation of the script source
acce... Read more

Read other answers
RELEVANCY SCORE 64.8

Hiya

This patch is a cumulative patch that includes the functionality of
all security patches released for IIS 4.0 since Windows NT 4.0
Service Pack 6a, and all security patches released to date for IIS
5.0 since Windows 2000 Service Pack 2 and IIS 5.1. A complete
listing of the patches superseded by this patch is provided below,
in the section titled "Additional information about this patch".
In addition to all previously released security patches, this patch
also includes fixes for the following newly discovered security
vulnerabilities affecting IIS 4.0, 5.0 and 5.1:

- A Cross-Site Scripting (CSS) vulnerability affecting IIS 4.0,
5.0 and 5.1 involving the error message that's returned to advise
that a requested URL has been redirected. An attacker who was able
to lure a user into clicking a link on his or her web site could
relay a request containing script to a third-party web site running
IIS, thereby causing the third-party site's response (still
including the script) to be sent to the user. The script would then
render using the security settings of the third-party site rather
than the attacker's.

- A buffer overrun that results because IIS 5.0 does not correctly
validate requests for certain types of web pages known as server
side includes. An attacker would need the ability to upload a
Server-side include page to a vulnerable IIS server. If the
attacker then requested this page, a buffer overrun could result,
whi... Read more

Read other answers
RELEVANCY SCORE 64.8

I've been avoiding this update because it contains bugs that mess up my computer (OE duplicate smilie problem and the mysterious Address Book ~ file)

How can I know when these bugs have finally been fixed ?

If 330994 is fixed, will Microsoft remove it from their website and include it in a new update package with a new number ?

Thanks
 

A:Cumulative Patch for Outlook Express (330994)

Read other 8 answers
RELEVANCY SCORE 64.4

Hiya

This update addresses the “Performance of Microsoft Commerce Server-based Programs May Degrade Over Time" issue in Windows 2000, and is discussed in Microsoft Knowledge Base (KB) Article 316430. Download now to resolve performance degradation caused by Commerce Server re-creating Lightweight Directory Access Protocol (LDAP) connections instead of re-using cached information.

This item has been updated since it was released in 04/2002.

For more information about this issue, read Microsoft KB Article: 316430

System Requirements
Supported Operating Systems: Windows 2000

Windows 2000 Professional
Windows 2000 Server
Windows 2000 Advanced Server

http://www.microsoft.com/downloads/...ca-260c-4ff0-a657-fa36fb379994&DisplayLang=en

Regards

eddie
 

Read other answers
RELEVANCY SCORE 64

Hiya

Kernel Mode Memory Leak Caused by Invalid TCP Checksums

This patch resolves a memory leak in one of the functions that processes incoming Remote Data Protocol via port 3389

http://www.microsoft.com/Downloads/release.asp?ReleaseID=30195

Regards

eddie
 

Read other answers
RELEVANCY SCORE 64

Hiya

This update resolves the "DeadLock Occurs Between Two Threads of System GDI in Windows 2000" issue in Windows 2000 and is discussed in Microsoft Knowledge Base (KB) Article Q322842. Download now to prevent your computer from not responding if you utilize user-defined fonts or characters

System Requirements

Windows 2000 Professional, Windows 2000 Server, Windows 2000 Advanced Server

Operating System - Windows 2000

http://www.microsoft.com/downloads/release.asp?ReleaseID=41080&area=search&ordinal=2

Regards

eddie
 

Read other answers
RELEVANCY SCORE 64

Did a quick google search but came out empty, where can I find a legitimate (I'm a Dreamspark Premium member) Windows 8 Pro Image with the Cumulative Patch already included in the .iso?

Thanks!

A:Windows 8 Pro Image with the Cumulative Update patch included?

What cumulative patch - did I miss something?

I haven't got win8 installed atm.

You can put the updates into your installation image easily enough - just pop the .msu files in with dism.

Win7 dism will do it fine.

Read other 8 answers
RELEVANCY SCORE 64

Hiya

This is a cumulative patch that includes the functionality of
all previously released patches for Windows Media Player 6.4, 7.1
and Windows Media Player for Windows XP. In addition, it eliminates
the following three newly discovered vulnerabilities one of which
is rated as critical severity, one of which is rated moderate
severity, and the last of which is rated low severity:

- An information disclosure vulnerability that could provide
the means to enable an attacker to run code on the user's
system and is rated as critical severity.

- A privilege elevation vulnerability that could enable an attacker
who can physically logon locally to a Windows 2000 machine and run
a program to obtain the same rights as the operating system.

- A script execution vulnerability related that could run a script
of an attacker's choice as if the user had chosen to run it after
playing a specially formed media file and then viewing a specially
constructed web page. This particular vulnerability has specific
timing requirements that makes attempts to exploit vulnerability
difficult and is rated as low severity.

It also introduces a configuration change relating to file extensions
associated with Windows Media Player. Finally, it introduces a new,
optional, security configuration feature for users or organizations
that want to take extra precautions beyond applying IE patch MS02-023
and want to disable scripting functionality in the
Windows Media Player for versions 7.x or hig... Read more

A:Cumulative Patch for Windows Media Player: June 26

Read other 11 answers
RELEVANCY SCORE 63.2

Who should read this bulletin:

Customers using Microsoft® Windows Media™ Player 6.4, 7.1 or Windows Media Player for Windows XP.

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-032.asp

Take care! angelize56
 

A:Critical-Cumulative Patch for Windows Media Player (Q320920)

Please read this first before you download. Ouch!
http://www.theregister.co.uk/content/4/25956.html
 

Read other 3 answers
RELEVANCY SCORE 62.8

Hiya

This is the Microsoft Windows XP Embedded component update to address Microsoft Security Bulletin MS01-058: 13 December 2001 Cumulative Patch for Internet Explorer (Q313675).

For more information, please see Knowledge Base Article Q313675.

YOU MAY NOT PROVIDE THIS UPDATE OR THE LOCATION (URL) OF THIS UPDATE TO ANY THIRD PARTIES.

System Requirements
Supported Operating Systems: Windows 2000, Windows XP
Requires the English Version of Windows XP Embedded. See the Windows XP Embedded System Requirements for details.

http://www.microsoft.com/downloads/...a7-d8fb-425a-b640-759583f0bf91&DisplayLang=en

Regards

eddie
 

Read other answers
RELEVANCY SCORE 61.6

Installed Windows 7 Pro on my Thinkpad (2MB memory and 120GB Hitachi HD) back in January 2014 and ever since the various Lenovo support progs have worked fine, Power Manager included.
All Fn buttons worked and sleep/hibernate and resume, etc., worked fine too.  About 2-3 weeks ago (after July 2015 patch Tuesday) I have trouble with resume, both from sleep and hibernation. Symptoms:

1. Entering sleep/hibernation works as normal.

2. Resuming from sleep/hibernation, on 1st try, the computer resumes to the password screen and then goes back (takes more time than normal) to sleep or hibernation respectively.

3. On 2nd resume try, the computer resumes okay and I can enter a password and get back to my desktop.

Any obvious fixes to this? I have run all PC-Doctor's system tests and they check out okay.


Installed Lenovo Power Manager 6.67.5 (over the 6.67.4 version), but, no difference. Same resume issues. Uninstalled PM 6.67.5 and used W7's native power management. No difference, same resume issues. Then, reinstalled an older Lenovo PM 6.64.2. All Fn buttons work okay, but, same resume problems/issues, no change.

Could the resume issues described above be the result of one of the July 2015 Windows 7 patches?  If so, which one?  Thanks!

Read other answers
RELEVANCY SCORE 60.8

Hiya

I couldn't think in which forum to post this but as this is the Games and other applications, I hope this is okay. If not, please move to the right place. Thanks

Microsoft has released a patch that eliminates a security vulnerability in Microsoft® Windows Media™ Player 6.4, 7, and 7.1. This vulnerability could potentially enable a malicious user to cause code of his choice to run on another user’s computer

http://www.microsoft.com/Downloads/release.asp?ReleaseID=31459

Regards

eddie
 

Read other answers
RELEVANCY SCORE 60.4

Hiya

This self-extracting executable, BOLNotes.exe, contains a document with updates to SQL Server Books Online for SQL Server 2000. These updates include corrections, clarifications, and new topics

http://www.microsoft.com/Downloads/release.asp?ReleaseID=31343

Also

MSXML 4.0 Parser and SDK

The Microsoft® XML Parser 4.0 Technology Preview has a number of improvements compared to the April release: XSD validation with SAX and DOM, schemaLocation attribute; Schema Object Model (SOM); faster XSLT engine; new faster SAX parser; true side-by-side functionality. Old non-conformant technologies are removed: old XSL with XSLPattern; uuid namespaces for XDR; proprietary XmlParser object; normalize-line-breaks property in SAX. There is no more support for replace mode and version-independent ProgIDs

http://www.microsoft.com/Downloads/release.asp?ReleaseID=31333

Regards

eddie
 

Read other answers
RELEVANCY SCORE 59.6

Unauthorized Patch For Microsoft WMF Bug Sparks Controversy

Sober worm may hit tomorrow, but businesses are more concerned about the WMF vulnerability and Microsoft's inability to produce a patch this week. Some are choosing an alternative that could lead to other problems.

By Larry Greenemeier
InformationWeek

Jan 4, 2006 01:00 PM

Concerns over the lack of a Microsoft-issued patch have pushed the Windows Metafile/Zero-Day bug to top of mind, surpassing even tomorrow's much-anticipated Sober worm attack.

The lag time between the Dec. 27 discovery of the WMF vulnerability and Microsoft's planned Jan. 10 patch availability has forced IT security departments to find alternative means for protecting their systems and prompted a non-Microsoft developer to create a patch that others could use.

All of this serves to damage Microsoft's reputation as a company that can secure its own products—a reputation that only recently was beginning to improve after years of being dragged through the mud. Experts are divided over whether it's wise to use Ilfak Guilfanov's Hexblog patch to fix the WMF vulnerability, which could allow attackers to use WMF images to execute malicious code on their victims' computers. Some say it's a necessary measure to protect systems until the official Microsoft patch arrives; others say it's not worth the extra work to patch twice or to take the risk of using a third-party fix.

"We're advising against ... Read more

A:Solved: Unauthorized Patch For Microsoft WMF Bug (Patch Attached)

No offense but before anyone considers downloading the unofficial patch from a third party - they should at the least be aware of and check the MD5 checksums of the files to ensure they have not been tampered with...

wmf_checker_hexblog.exe - MD5: ba65e1954070074ea634308f2bab0f6a

wmf_checker_source.zip - MD5: 7ae8ac24e68baaa49e0de3f05e64a571

wmffix_hexblog14.exe - MD5: 15f0a36ea33f39c1bcf5a98e51d4f4f6

wmfhotfix.cpp - MD5: 8cf91671e353bb259cca30e06bee8bc2

An FAQ and the official unofficial hotfix and checker links can be found here:
http://castlecops.com/t143213-Hexblog_WMF_FAQ.html
.....Willy
 

Read other 2 answers
RELEVANCY SCORE 54.8

Hiya

Sticking this one in here, for a week

This is two fold:

A vulnerability exists in ISA Server 2000 because of the way that it handles malformed HTTP requests. An attacker could exploit the vulnerability by constructing a malicious HTTP request that could potentially allow an attacker to poison the cache of the affected ISA server. As a result, the attacker could either bypass content restrictions and access content that they would normally not have access to or they could cause users to be directed to unexpected content. Additionally, an attacker could use this in combination with a separate Cross Site Scripting vulnerability to obtain sensitive information such as logon credentials.

An elevation of privilege vulnerability exists in ISA Server 2000 that could allow an attacker who successfully exploited this vulnerability to create a NetBIOS connection with an ISA Server by utilizing the NetBIOS (all) predefined packet filter. The attacker would be limited to services that use the NetBIOS protocol running on the affected ISA Server.

Affected Software:

• Microsoft Internet Security and Acceleration (ISA) Server 2000 Service Pack 2
Note The following software programs include ISA Server 2000. Customers who use these software programs should install the provided ISA Server 2000 security update.
• Microsoft Small Business Server 2000
• Microsoft Small Business Server 2003 Premium Edition


http://www.microsoft.com/technet/security/Bulletin/MS05-034.mspx

Rega... Read more

A:Cumulative Security Update for ISA Server 2000 (899753)

unsticking now
 

RELEVANCY SCORE 54.8

Hiya

SQL Server 2000 introduces the ability to host multiple instances of
SQL Server on a single physical machine. Each instance operates for
all intents and purposes as though it was a separate server. However,
the multiple instances cannot all use the standard SQL Server session
port (TCP 1433). While the default instance listens on TCP port 1433,
named instances listen on any port assigned to them. The SQL Server
Resolution Service, which operates on UDP port 1434, provides a way
for clients to query for the appropriate network endpoints to use for
a particular SQL Server instance.

There are three security vulnerabilities here. The first two are
buffer overruns. By sending a carefully crafted packet to the
Resolution Service, an attacker could cause portions of system memory
(the heap in one case, the stack in the other) to be overwritten.
Overwriting it with random data would likely result in the failure of
the SQL Server service; overwriting it with carefully selected data
could allow the attacker to run code in the security context of the
SQL Server service.

The third vulnerability is a denial of service vulnerability. SQL
uses a keep-alive mechanism to distinguish between active and passive
instances. It is possible to create a keep-alive packet that, when
sent to the Resolution Service, will cause SQL Server 2000 to respond
with the same information. An attacker who created such a packet,
spoofed the source address so that it appeared to come from one SQL
Serve... Read more

RELEVANCY SCORE 54.8

Quote:




Microsoft is rolling out the first cumulative package of non-security-focused updates and fixes for Windows 10 one week after the company began making available to users the release-to-manufacturing (RTM) version of the operating system.

Referred to by some company watchers as "Service Release 1," the actual update package is officially known as KB3081424. (Thanks to The Verge's Tom Warren for a pointer to the KB.)

There's not a lot of information so far about what's in today's update, which Microsoft is delivering via Windows Update. The KB page says the following: "This update includes non-security-related changes to enhance the functionality of Windows 10 through new features and improvements. Windows 10 updates are cumulative. Therefore, this package contains all previously-released fixes (see KB 3074683). If you have installed previous updates, only the new fixes that are contained in this package will be downloaded and installed to your computer."





Microsoft delivers first cumulative Windows 10 update | ZDNet

A:Microsoft delivers first cumulative Windows 10 update

Microsoft Delivers Windows 10 SR1


Quote:




I know what you're thinking. SR1? Seriously? But it's true: just a week after the initial release of Windows 10, Microsoft has delivered the first major update to its latest OS. Dubbed Service Release 1 (SR1) internally, this cumulative update for Windows 10 provides no new features but does offer a ton of small fixes.

"This update includes non-security-related changes to enhance the functionality of Windows 10 through new features and improvements," the Knowledge Base article for this update blandly notes. "Windows 10 updates are cumulative. Therefore, this package contains all previously-released fixes (see KB 3074683). If you have installed previous updates, only the new fixes that are contained in this package will be downloaded and installed to your computer."




https://www.thurrott.com/windows/win...windows-10-sr1

RELEVANCY SCORE 54.8

http://news.softpedia.com/news/micr...-8-1-will-get-cumulative-updates-509130.shtml

Microsoft will make substantial changes to the way it delivers updates to Windows 7 and 8.1 computers tomorrow when it starts the rollout of this month's Patch Tuesday, switching to a new servicing model that's inspired by Windows 10.

Specifically, Windows 7 and Windows 8.1 will start getting rollup updates every month, which are supposed to make it easier for users and IT admins to install them on Patch Tuesdays.

Windows 7 and Windows 8.1 computers will get a security-only quality update every month, and this will be published as "Security Update" with a unique KB number. Additionally, there'll be a security monthly quality rollup which is more of a monthly rollup containing all security fixes needed to bring a computer fully up to date.

"This will be published to Windows Update (where all consumer PCs will install it), WSUS, and the Windows Update Catalog. The initial monthly rollup released in October will only have new security updates from October, as well as the non-security updates from September," Microsoft says.



Non-security fixes
And last but not least, there'll be a third update that will include non-security fixes and which will be rolled on the third Tuesday of the month - this means that you'll get it a week after Patch Tuesday.

"An additional monthly rollup containing a preview of new non-security fixes that will be included in the next mo... Read more

RELEVANCY SCORE 54.8

From Softpedia

Microsoft has released a new Windows 10 cumulative update for systems running the Anniversary Update (1607), but the company hasn't provided any release notes, so it's hard to tell what exactly it's improving.

Windows 10 cumulative update KB3199209 is now available for download via Windows Update, and Microsoft isn't saying a single thing about it, even though interest in such updates has been fairly big lately. There's no KB page just yet, and the Windows 10 update history page hasn't received an update, so there's absolutely no info on it.

But even so, users are strongly recommended to download and install this new cumulative update, and until now, there are no reports of failed installs or any other issues experienced after deploying it. But as always, it could take a while until more users get to install it, so we'll be keeping an eye out on reports to see if there's something wrong with it.

Botched cumulative updates
The latest cumulative updates released by Microsoft have caused problems on quite a lot of computers, and in most of the cases, they failed to install with error messages that said almost nothing about what went wrong. Microsoft investigated all these complaints and released fixes, but even so, there are users who're still unable to install cumulative updates.

In the case of KB3199209, Microsoft might be trying to fix issues that users have been reporting with previous cumulative updates, as the download size is quit... Read more

A:Microsoft Releases Cumulative Update KB3199209

They can't say what it's affecting, most likely I will skip it till they open up.
Cool share Bora
 

RELEVANCY SCORE 54.8

Microsoft Releases Windows 10 Cumulative Update KB3201845

Microsoft has just rolled out a new cumulative update for Windows 10 Anniversary Update (version 1607) after previously testing with the help of users enrolled in the Windows Insider program.

Windows 10 cumulative update KB3201845 doesn't bring any new operating system features, as it's the case with all the other cumulative updates, but only fixes and performance improvements that you can read in full in the box at the end of the article.

For example, one such fix improves "the reliability of mobile device management (MDM) disenrollment, Distributed Component Object Model (DCOM), Peripheral Component Interface and PowerShell," according to the changelog.

There are also fixes for issues causing File Explorer to not prompt for credentials when a user logs on with a Microsoft account, as well as repairs for problems causing the System Center Configuration Manager (SCCM) client to fail installation when a device is re-imaged using the SCCM task sequence.

The update is called "Cumulative Update for Windows 10 Version 1607 and Windows Server 2016: December 9, 2016" and is being shipped right now via Windows Update for computers running any of these two OS versions.

Installing fine here
As it happens when Microsoft rolls out a new cumulative update for Windows 10 computers, there are concerns that it could fail to install or cause other problems on the systems it's supposed to be deployed on. This happened... Read more

A:Microsoft Releases Cumulative Update KB3201845

Installed it. Took 10-15 minutes to install so be careful if you are in a hurry.
 

RELEVANCY SCORE 54.4

Hiya

This patch eliminates two newly discovered vulnerabilities affecting
SQL Server 2000 and MSDE 2000:

- A buffer overrun vulnerability that occurs in several Database
Consistency Checkers (DBCCs) that ship as part of SQL Server 2000.
DBCCs are command console utilities that allow maintenance and
other operations to be performed on a SQL Server. While many of
these are executable only by sysadmin, some are executable by
members of the db_owner and db_ddladmin roles as well. In the most
serious case, exploiting this vulnerability would enable an
attacker to run code in the context of the SQL Server service,
thereby giving the attacker complete control over all databases
on the server.

- A SQL injection vulnerability that occurs in two stored
procedures used in database replication. One of these can only be
run by users who have been assigned the db_owner role; the other,
due to a permissions error, could be run by any user who could log
onto the server interactively. Exploiting the vulnerability could
enable an attacker to run operating system commands on the server,
but is subject to significant mitigating factors as discussed
below.

Maximum Severity Rating: Moderate

Affected Software:

Microsoft SQL Server 2000.
Microsoft Desktop Engine (MSDE) 2000
Download locations for this patch
SQL Server 2000:

http://support.microsoft.com/support/misc/kblookup.asp?id=Q316333

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulleti... Read more

RELEVANCY SCORE 54.4

Hiya

This compiled help file provides detailed instructions for deploying Microsoft® Commerce Server 2002 in a secure configuration. These instructions assume you are performing a new deployment, and therefore instruct you to install and configure each server in this sample deployment. It is recommended that you use these instructions as a guideline for deploying your own secure site.

System Requirements

Windows 2000

Operating System - Windows 2000
http://www.microsoft.com/downloads/release.asp?ReleaseID=40695&area=search&ordinal=5

Regards

eddie
 

RELEVANCY SCORE 54.4

Hiya

When installing SQL Server 7.0 (including MSDE 1.0), SQL Server 2000,
or a service pack for SQL Server 7.0 or SQL Server 2000, the
information provided for the install process is collected and stored
in a setup file called setup.iss. The setup.iss file can then be
used to automate the installation of additional SQL Server systems.
SQL Server 2000 also includes the ability to record an unattended
install to the setup.iss file without having to actually perform an
installation. The administrator setting up the SQL Server can supply
a password to the installation routine under the following
circumstances:

- If the SQL Server is being set up in "Mixed Mode", a password
for the SQL Server administrator (the "sa" account) must be
supplied.
- Whether in Mixed Mode or Windows Authentication Mode, a User ID
and password can optionally be supplied for the purpose of
starting up SQL Server service accounts.

In either case, the password would be stored in the setup.iss file.
Prior to SQL Server 7.0 Service Pack 4, the passwords were stored in
clear text. For SQL Server 7.0 Service Pack 4 and SQL Server 2000
Service Packs 1 and 2, the passwords are encrypted and then stored.
Additionally, a log file is created during the installation process
that shows the results of the installation. The log file would also
include any passwords that had been stored in the setup.iss file.

Maximum Severity Rating: Moderate

Affected Software:

Microsoft ... Read more

RELEVANCY SCORE 54.4

Hiya

This component adds WMI-based management extensions to the Visual Studio.NET Server Explorer tool through two new nodes, Management Data and Management Events. Management Data allows the developer to browse and modify WMI data as well as invoke methods. Management Events enables the developer to register for WMI events. Data and events can be easily added to an application being developed.

http://www.microsoft.com/Downloads/release.asp?ReleaseID=31155

Regards

eddie
 

RELEVANCY SCORE 54

Microsoft Finally Got Windows 10 Cumulative Updates Right This Month

Microsoft has a long history of shipping botched Windows updates, but with Windows 10, the company made everything a lot worse, as many of the cumulative updates it published failed to install or caused several other issues once deployed.

As a result, it's no surprise that there are plenty of users out there who prefer not to install updates when they are released or to keep auto-updates off until others deploy them to determine if everything is working fine.

But since April when the Creators Update goes live, cumulative updates have provided much smoother performance, with the number of issues experienced by Windows 10 users declining substantially to the point where almost everyone can install them correctly.

This is what happened this month when cumulative updates installed correctly at a rate that exceeds 99 percent, and complaints regarding failed installs or problems caused by these patches are pretty hard to find online.




Long install times
In most of the cases, users complaining about issues with this month's cumulative updates, which are KB4025342, KB4025339, and KB4025344, point to long install times. Indeed, cumulative updates sometimes take too long to install, in some cases up to an hour, but in 99 percent of the cases, the process was completed just fine.

This is actually one of the issues that Microsoft also needs to address with cumulative updates, as the install process still ... Read more

A:Microsoft Finally Got Windows 10 Cumulative Updates Right This Month

I rarely had any issues with installing updates and none when running on a new update.
 

RELEVANCY SCORE 54

Basically, this cumulative update, labeled as KB3105213, includes security fixes specifically aimed at Windows 10 or other OS components, such as Microsoft Edge, which got its very own share of patches this month.

Here's what's included in the update, as explained by Microsoft:



3105256 MS15-122: Security update for Kerberos to address security feature bypass: November 10, 2015
3104521 MS15-119: Security update in TDX.sys to address elevation of privilege: November 10, 2015
3104507 MS15-118: Security updates in the .NET Framework to address elevation of privilege: November 10, 2015
3105864 MS15-115: Security update for Windows to address remote code execution: November 10, 2015
3104519 MS15-113: Cumulative security update for Microsoft Edge: November 10, 2015
3104517 MS15-112: Cumulative security update for Internet Explorer: November 10, 2015

Source: Microsoft Releases Windows 10 Cumulative Update KB3105213
 

RELEVANCY SCORE 54

Microsoft has just rolled out a new cumulative update for PCs running Windows 10 preview builds, so if you're not part of the Insider program, you're not going to see it.

What's odd with this update is that it takes the version number to Windows 10 14393.82, which is the exact same version that another cumulative update released by the company earlier this week brought. In fact, Microsoft even says that if you have the old update running on your computer, you're not going to see the new one, which is kind of weird, given the fact that it also includes an exclusive change.

Microsoft explains that this new update brings the same fixes as the previous one, with just one exception, but because you can't see it, you're not going to be able to get this improvement - the chances are that it'll be part of another cumulative update planned for the next weeks, so you should receive it anyway at some point in the near future.

"We have released Cumulative Update (KB3176934) to Windows 10 Insider Preview Build 14393 on PCs which will bring the build number to 14393.82. This Cumulative Update includes the same fixes as KB3176932 but with an additional fix: Improved download size optimization of updates," Microsoft explains.

Could be released to retail users soon

What's also interesting is that these cumulative updates are currently available for insiders only, so retail users are very likely to get them in the coming weeks when all the testing is completed.

Windows 10... Read more

A:Microsoft Releases Windows 10 Cumulative Update KB3176934

Installed great again. Win 10 AU is love Win 10 AU is life.
 

RELEVANCY SCORE 54

How do I reset the cumulative score on Windows 8 Microsoft games, specifically Spider?

A:Reset cumulative score on Windows 8 Microsoft games

Microsoft Solitaire Collection is a combination of card games and it does not have a Common reset option for all the games. Therefore, I'm afraid it cannot be reset.

Niki Han
TechNet Community Support

RELEVANCY SCORE 54

Microsoft officials say the latest Windows 10 cumulative update fixes problems some users were having with Windows Store. What else is in it? We have no idea.
 
The newest cumulative update is KB3081438. The Microsoft Support page says nothing about the specific features and fixes that are new to this update beyond "This update includes improvements to enhance the functionality of Windows 10."
 

Article

A:Microsoft's third Windows 10 cumulative update said to fix Store issues

"This update includes improvements to enhance the functionality"
Any update with a vague description like that should be considered suspicious. If I were offered an update worded like that for my windows 8.1 machine I would definitely refuse it, if they won't say what it is for it is either not important or not pleasant. Remember that this is the sort of language which was the wording used for the KB page of kb3035583 when it was first released (its page has been updated since to give a more accurate description of what it does, but when that update first came out its page was all vague like that).

RELEVANCY SCORE 54

Microsoft to Release New Windows 10 Cumulative Updates Tomorrow

Microsoft will kick off this month's Patch Tuesday rollout tomorrow, and in addition to security updates, the firm will also publish new cumulative updates specifically aimed at Windows 10 systems.

Cumulative updates are particularly important for Windows 10 users because they contain all available fixes, including here both security and non-security patches that are available for a specific version.

Tomorrow's release will be focused on the security front, however, as Microsoft will patch the last known vulnerabilities in the operating system.

All supported versions of Windows 10 will get cumulative updates, and these include the new Creators Update that got the green light in April this year.

The last few cumulative updates for Windows 10 have worked pretty smoothly, with a smaller number of users reporting issues and complaining of failed installs. Furthermore, the updates that are aimed at the Creators Update also installed correctly, and there's a good chance that the same will happen with tomorrow's release as well.

Reboots will be needed
Cumulative updates are recommended to be installed as soon as possible, especially because they include fixes that could prevent attackers from compromising systems.

Living proof is the March cumulative updates that addressed the SMB vulnerability in Windows 10 and which protected users of the operating system against the WannaCry ransomware.

What's imp... Read more

RELEVANCY SCORE 54

Microsoft Launches Windows 10 Cumulative Update KB4039396

Microsoft has just released a new Windows 10 cumulative update targeting only systems running the Anniversary Update (also known as version 1607).

Windows 10 cumulative update KB4039396 includes just two different fixes, and because it does not land on Patch Tuesday, no security improvements are shipped. What Microsoft wanted to do, however, is repair a bug introduced by a previous cumulative update and causing various problems on systems that installed it.

Microsoft explains in the release notes that this new cumulative update fixes Update History and hidden updates being lost on systems running Windows 10 Anniversary Update and where cumulative update KB4034658 was installed.
"Addressed issue where Update History and hidden updates are lost and a full scan for updates happens after installing OS Updates 14393.1532 through 14393.1613, including KB4034658. Installing this update will not restore past update history or hidden updates for users who have already installed the listed updates. However, this current update will address this issue for users who have not yet installed them," the firm explains in the release notes.

No failed installs so far
A second bugfix reveals that Microsoft repaired a bug impacting the WSUS update metadata processing which could lead to error 0x8024401c on a number of client machines.

There are no known issues at this point and the cumulative update is supposed to install correc... Read more
