Which security patches need to be installed for SQL Server 2000 and SQL Server 2005

New security patches have been released for SQL Server 2000 and SQL Server 2005. The following KB article provides an overview of the newly released patches:

https://support.microsoft.com/?id=941203

Below is a reference of the applicable patch for each build range.

If we have a SQL Server 2005 instance on a build in the range 9.00.3042-9.00.3067, we need to apply the following patch:
948109 MS08-040: Description of the security update for SQL Server 2005 GDR: July 8, 2008

If we have a SQL Server 2005 instance on a build in the range 9.00.3150-3250, we need to apply the following patch:
948108 MS08-040: Description of the security update for SQL Server 2005 QFE: July 8, 2008

If we have a SQL Server 2000 instance on a build in the range 8.00.2039-2049, we need to apply the following patch:
948110 MS08-040: Description of the security update for SQL Server 2000 GDR and MSDE 2000: July 8, 2008

If we have a SQL Server 2000 instance on a build in the range 8.00.2148-2272, we need to apply the following patch:
948111 MS08-040: Description of the security update for SQL Server 2000 QFE and MSDE 2000: July 8, 2008

948113 MS08-040: Description of the security update for SQL Server 7.0: July 8, 2008
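
The build ranges above can be checked across an inventory of instances with a short script. This is an added example, not part of the original post: the function names and the sample inventory are constructed, and the ranges are assumed to be inclusive at both ends.

```python
import re

# (major version, lowest build, highest build, KB number), as listed in the post.
# Assumption: the build ranges are inclusive at both ends.
PATCH_RANGES = [
    (9, 3042, 3067, "948109"),  # SQL Server 2005 GDR
    (9, 3150, 3250, "948108"),  # SQL Server 2005 QFE
    (8, 2039, 2049, "948110"),  # SQL Server 2000 GDR and MSDE 2000
    (8, 2148, 2272, "948111"),  # SQL Server 2000 QFE and MSDE 2000
]
SQL7_KB = "948113"  # SQL Server 7.0: manual installation, see KB 953743

# Accepts three- or four-part version strings ("9.00.3042" or "9.00.3042.00").
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?\s*$")

def parse_version(text):
    """Return (major, build) from a ProductVersion-style string."""
    match = _VERSION_RE.match(text)
    if match is None:
        raise ValueError("unrecognised version string: %r" % (text,))
    return int(match.group(1)), int(match.group(3))

def kb_for_build(version):
    """Return the MS08-040 KB number for a build, or None if no listed range matches."""
    major, build = parse_version(version)
    if major == 7:
        return SQL7_KB
    for range_major, low, high, kb in PATCH_RANGES:
        if major == range_major and low <= build <= high:
            return kb
    return None

def triage(inventory):
    """Map each instance name to a KB number, 'REVIEW' (no listed range) or 'UNPARSED'."""
    result = {}
    for instance, version in inventory.items():
        try:
            result[instance] = kb_for_build(version) or "REVIEW"
        except ValueError:
            result[instance] = "UNPARSED"
    return result

if __name__ == "__main__":
    # Constructed sample inventory; instance names and builds are illustrative only.
    sample = {"HR01": "9.00.3054.00", "FIN02": "8.00.2187", "LAB03": "9.00.3100.00"}
    for name, action in sorted(triage(sample).items()):
        print(name, action)
```

An instance reported as REVIEW is on a build outside the ranges listed in this post, so the KB articles themselves need to be consulted for it.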

PRECAUTIONS
============

Refer to the following known issues before applying the patch.

1. SQL Server 7.0 patching requires manual installation. See the following KB as well as Q1 and Q2 in the FAQ for more information.

953743 Supported method for applying updates to SQL Server 7.0

2. SQL 2000/2005 - Patching by Microsoft Update will not patch a disabled SQL Server 2000/MSDE/2005 instance.

The following KBs have detailed instructions on how to enable "disabled" SQL Server instances.

953740 How to identify and enable disabled SQL Server instances in SQL Server 2000

953739 SQL Server 2005 installers do not update an instance of the SQL Server service that is in a disabled state

3. SQL Server 2000/2005 - Dependent services left in stopped state.

The following KBs document specific issues for SQL 2000 and SQL 2005 respectively.

953742 SQL Server 2000 and MSDE 2000 installers stop dependent services

953741 SQL Server 2005 installers stop dependent services

The hotfix installers handle the Internet Security and Acceleration (ISA) Server service specially. See the "Known issues with this security update" section in KB 948110 and KB 948111.

4. SQL 2005 Express Edition uninstall fails with an error. See the following KB on how to resolve this issue.

955250 Error message when you try to uninstall an update in SQL Server 2005: "The source installation package for the product [2] is out of sync with the client package"

As a best practice, before applying the patch, take a backup of all the databases and of the binaries, which are generally located in the c:\program files\Microsoft sql server\<instancename> folder. These backups can be used for restoration if the patch does not upgrade the server successfully.

Please make sure to test the update in a development environment before applying it in production.

Parikshit Savjani

SE, Microsoft SQL Server