Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Vista
      Digg this story   Add to del.icio.us  
Patching Windows 2000
SecurityFocus 2001-08-23

Service Packs & Hotfixes

Details on Post-SP2 Hotfixes
Using Hfnetchk

Overview

Microsoft releases Service Packs in an effort to provide revisions for applications, services, and or executables that are in need of a 'fix'. Service Packs (SP) are released several times per year, depending upon need. Each Service Pack builds upon earlier SP releases (i.e. SP2 should contain all the fixes provided by SP 1, plus fixes released since SP1). There are rare cases where an earlier SP may contain features or services not present in a newer SP - these will be noted where appropriate.

If you are installing a new Windows 2000 host, you should install SP2 soon after installing from the original media. If you have existing hosts running without a Service Pack or with an earlier Service Pack version, you should consider applying SP2. (** as with any major software changes, you should evaluate Service Packs and hotfixes on a non-production box before applying them to critical hosts**)

Hotfixes are released to address major flaws (usually security related) that should be corrected immediately, rather than waiting to release the fix in the next Service Pack. Hotfixes are usually specific to a given Service Pack and contain only those files necessary to correct the problem at hand. In some instances, two separate hotfixes may contain changes to the same file. In this case, it is important to apply hotfixes in a particular order, installing the hotfix with the earlier dated files first, then installing the hotfix with the more recent version of the same file.

Installation

Installing Service Packs and hotfixes is an ongoing challenge. Each time you install a file or service from the original installation media, you must re-apply the Service Pack and Hotfixes (in case the original media installation installed a file that was subsequently addressed in a Service Pack or Hotfix). Typically, installation of the Service Pack prompts the user to reboot the host upon completion. Each hotfix also prompts the user to reboot the host. In some cases, this would require rebooting the machine 10+ times! On top of all this, the fixes must sometimes be installed in a particular order. Not many systems administrators have time to do this across the X number of machines in their enterprise.

To this end, Microsoft has released a tool called QChain which allows multiple hotfixes to be installed with only a single reboot at the end.

Relevant Links

 Microsoft Network Security Hotfix Checker Tool
Microsoft

Service Pack Details
Microsoft

Microsoft Security Page
Microsoft

Microsoft Security Advisories
Microsoft

Using QChain to Install Multiple Hotfixes
Microsoft


SecurityFocus accepts Infocus article submissions from members of the security community. Articles are published based on outstanding merit and level of technical detail. Full submission guidelines can be found at http://www.securityfocus.com/static/submissions.html.
    Digg this story   Add to del.icio.us  
Comments Mode:







 

Privacy Statement
Copyright 2008, SecurityFocus