Re: April Security Patches and SQL Server

From: Stephen Dybing [MSFT] (stephd_at_online.microsoft.com)
Date: 04/27/04 

Date: Tue, 27 Apr 2004 09:09:33 -0700

I'll just repeat what Mark said and suggest that you open up a case with PSS
to track down your problems with the patch. I'm sorry, but while I work in
PSS, I don't work on the support team and can't help you. 

-- 
Sincerely,
Stephen Dybing
This posting is provided "AS IS" with no warranties, and confers no rights.
"John" <jkraeck@NOprincetonSPAM.edu> wrote in message
news:ukKS0RGLEHA.808@tk2msftngp13.phx.gbl...
> Stephen,
>
> Well, yesterday, both were not listed in my default reader, Outlook
Express,
> and searching only brought up the reply. Today, the search found Mark's
> response, my followup and your followup. Looking down the list, I do not
> find my original post of 4/22. Just reporting what I see.
>
> Are there any known problems with this patch?
>
> We immediately saw unscheduled reboots of our SQL Server (2000sp/3a
running
> on Win2k Server sp4). Typically these are network related, and I have not
> seen anything untoward happening when running perfmon and sql profiler
> against the server, but they began almost immediately after the sus push
of
> these patches to the server.
>
> We also experienced problems with a third party web application trying to
> access the database server. This application is running on a Windows
> 2000/sp4 server running IIS5.0 with SSL. The application reported numerous
> connection failures to the database. SQL Profiler did show any failed
login
> attempts, so I have to assume that it was the applications data tier that
> was having the problem; but again, the problem did not exist until the
> patches were applied.
>
> Removing the patches resolved the issue, but clearly this is not a
situation
> I want to maintain for any length of time.
>
> Regards,
>    John
>
>
> "Stephen Dybing [MSFT]" <stephd@online.microsoft.com> wrote in message
> news:%23aUwOT7KEHA.3052@TK2MSFTNGP12.phx.gbl...
> > Nope, Microsoft is not taking editorial license on this or any other
post
> > that isn't spam, pornography, personal attacks, or something else nasty
> like
> > that.
> >
> > I can see both your original post (Message-ID:
> > <esSncLKKEHA.2884@TK2MSFTNGP12.phx.gbl>) and Mark's followup
(Message-ID:
> > <uigrjjQKEHA.3944@tk2msftngp13.phx.gbl>) on msnews.microsoft.com using
> > Outlook Express. I can also see them using our web newsreader at:
> >
> >
>
http://www.microsoft.com/sql/community/newsgroups/dgbrowser/en-us/default.mspx?query=April+security+patches&dg=microsoft.public.sqlserver.server&cat=&la
>
ng=en&cr=US&pt=&catlist=6C839803-6334-48D8-A2C3-72A1BEF0053D&dglist=&ptlist=
> >
> > -- 
> > Sincerely,
> > Stephen Dybing
> >
> > This posting is provided "AS IS" with no warranties, and confers no
> rights.
> >
> > "John" <jkraeck@NOprincetonSPAM.edu> wrote in message
> > news:Ow6KCQ5KEHA.240@TK2MSFTNGP10.phx.gbl...
> > > Mark,
> > >
> > > Thanks, for the response. I guess it is time to use up one of our MSDN
> > > support calls. This set of patches has significantly reduced the
> > > availability of two servers that had been running with no problems for
> > > months, and of course, since it includes the RPC/DCOM patch, we cannot
> > > remove the patch since this is an exploit that requires no I/O
> (inadequate
> > > operator) action.
> > >
> > > Curious though that neither my original post or your response
displayed
> in
> > > the newsgroup. I only found your response, by searching the forum for
> the
> > > subject line of my post. Is Microsoft taking editorial license?
> > >
> > > Cheers,
> > >       John
> > >
> > > "Mark Allison" <marka@no.tinned.meat.mvps.org> wrote in message
> > > news:uigrjjQKEHA.3944@tk2msftngp13.phx.gbl...
> > > > I don't know how to solve your issue, but I would recommend you call
> > > > Microsoft Product Support Services (MS PSS).
> > > >
> > > > -- 
> > > > Mark Allison, SQL Server MVP
> > > > http://www.markallison.co.uk
> > > >
> > > >
> > > >
> > > >
> > > > "John" <jkraeck@NOprincetonSPAM.edu> wrote in message
> > > > news:esSncLKKEHA.2884@TK2MSFTNGP12.phx.gbl...
> > > > > We are running SQL Server 2000/sp3a on a relatively new server
sized
> > to
> > > > meet
> > > > > our needs for the foreseeable future. The OS is Win2k/sp4.  It has
> > been
> > > > > running very well since installed; the last reboot was over a
month
> > ago
> > > > and
> > > > > that was scheduled for security updates.
> > > > >
> > > > > On Monday evening, we installed the April security patches:
> > > > >
> > > > > Microsoft KB837001 MS04-014:Vulnerability in Microsoft Jet
Database
> > > Engine
> > > > > could permit code execution
> > > > > Microsoft KB828741 MS04-012: Cumulative Update for Microsoft
> RPC/DCOM
> > > > > Microsoft KB835732 MS04-011: Security Update for Microsoft Windows
> > > > > Microsoft KB837009 MS04-013: Cumulative Security Update for
Outlook
> > > > Express
> > > > > Microsoft KB831167: Wininet retries POST requests with a blank
> header.
> > > > >
> > > > > ...via SUS. The server has been averaging three unscheduled
reboots
> > per
> > > > day
> > > > > since. If anyone has any ideas, I would be most grateful. We have
> had
> > > > little
> > > > > luck analyzing the dump file. My guess is that it has something to
> do
> > > with
> > > > > the RPC/DCOM patch, since it is serving data for several third
party
> > web
> > > > and
> > > > > windows client applications.
> > > > >
> > > > > Thanks,
> > > > >     John
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>

Relevant Pages