Re: Should I bother to install KB891861 Update Rollup 1 on a Windows 2000 Server?
- From: "PA Bear" <PABearMVP@xxxxxxxxx>
- Date: Wed, 20 Jul 2005 18:44:19 -0400
Read the KB article: http://support.microsoft.com/?id=891861 It lists all the updates included in the Rollup; they include two (2) Cumulative Security Updates for IE5.01 in Win2K SP4, MS05-014 and MS05-020. [But if they're *cumulative* updates, why both?]
<QP>
Q3: Should I install Update Rollup 1 even if I have kept my Windows 2000 SP4 systems up to date?
A3: Yes. Update Rollup 1 contains additional important fixes in files that have not previously been part of individual security updates, as described in the Knowledge Base Article. In addition, the Update Rollup 1 contains additional enhancements that increase system security, reliability, reduce support costs, and support the current generation of PC hardware. In some cases, the individual binary files released in previous individual security updates may have been updated via individual hotfixes to address minor compatibility issues introduced in those prior security updates that affected individual customers. The latest versions of those files are included in the Update Rollup.
Therefore, even if a system is fully up to date with prior security releases, Windows Update will still detect and apply the Update Rollup. Customers who use managed security update deployment solutions should evaluate the need to deploy Update Rollup 1 within their infrastructure
</QP>
The Rollup does not update IE or OE:
<QP>
Update Rollup for Windows 2000 does not contain updates for individual Windows components not included with a clean slipstream install of Windows 2000 SP4. If there are components previously installed or updated on the system, the individual security updates must be downloaded separately from Windows Update.
Examples include the following:
.. MS03-011 - Flaw in Microsoft VM Could Enable System Compromise (KB816093) - The Microsoft VM is not included in SP4 natively. However the VM may be resident on systems which were updated to SP4 from a prior SP or installed by a third party software package.
.. Internet Explorer 6 and Outlook Express 6 - Internet Explorer 5.01 was originally included with Windows 2000. Service Packs for Windows 2000 only service this original version. Microsoft recommends that you install Internet Explorer 6 SP1 and the current cumulative Internet Explorer security updates on Windows 2000 computers for maximum security.
</QP>
--
HTH
~Robear Dyer (PA Bear) MS MVP-Windows (IE/OE) & Security
Nate Goulet wrote:
On Wed, 20 Jul 2005 15:30:26 -0400, "PA Bear" <PABearMVP@xxxxxxxxx> wrote:
> Is Windows Update offering you 891861? Is Win2K SP3 or SP4 installed? > > Cumulative Security Updates for Internet Explorer address > vulnerabilities in Windows, too. I suggest you keep up-to-date on > these.
It's a Windows 2000 Server with SP4 installed.
Windows update is offering KB891861. Does that update include IE6 if it isn't installed? (would prefer not to do that).
I've spoken to many other consultants both in the forums & in person about if I really need to install IE6 on the server to keep it free from vulerabilities.
The vast majority of people i've discussed it with agreed that if we are not surfing the web on the server, then we are fine keeping IE5 with it's associated critical updates and leaving IE6 off the server.
Are you saying you disagree? If so, i'm not saying your wrong either. Even those i've talked with that are Microsoft certified engineers agreed that Windows will be safe on the server without IE6 as long as the only thing IE5 is used for is doing Windows updates. I know Microsoft always likes to promote their newest stuff, but that doesn't automatically mean IE6 is required just to keep Windows secure.
I'd like to hear any comments anyone has to share on this.
The way I look at it, we only have one server currently and 30 - 50 people depending on it. Just installing a Windows update could potential cause a problem, and if we had IE6 on there, new updates would need to be installed constantly. I'm keeping my fingers crossed every time I run a Windows update. The other issue is we don't have a lot of free space on the C partion, and installing IE6 might chew up more space than we can afford on C. We have plenty of space on other drives. Our specialist had partioned C to only have 4 Gigs. Changing that with Partion Magic sounds risky.
The main thing is I want to make certain the server is reasonably
protected.
.
- Follow-Ups:
- Re: Should I bother to install KB891861 Update Rollup 1 on a Windows 2000 Server?
- From: Nate Goulet
- Re: Should I bother to install KB891861 Update Rollup 1 on a Windows 2000 Server?
- From: Tom Pepper Willett
- Re: Should I bother to install KB891861 Update Rollup 1 on a Windows 2000 Server?
- References:
- Prev by Date: Re: update rollup 1 for 2000 service pack 4 (KB891861)
- Next by Date: Re: [Error number: 0x8007041D]
- Previous by thread: Re: Should I bother to install KB891861 Update Rollup 1 on a Windows 2000 Server?
- Next by thread: Re: Should I bother to install KB891861 Update Rollup 1 on a Windows 2000 Server?
- Index(es):
Relevant Pages
|
