Please start any new threads on our new site at https://forums.sqlteam.com. We've got lots of great SQL Server experts to answer whatever question you can come up with.

 All Forums
 Site Related Forums
 Article Discussion
 Article: New SQL Server Cumulative Security Patch

Author  Topic 

AskSQLTeam
Ask SQLTeam Question

0 Posts

Posted - 2002-10-03 : 10:30:08
Lance submitted "Cumulative Patch for SQL Server (Q316333). Who should read this bulletin: System administrators using Microsoft® SQL Server™ 7.0, SQL Server 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000. Impact of vulnerability: Four vulnerabilities, the most serious of which could enable an attacker to gain control over an affected server. Maximum Severity Rating: Critical ." This should be applied to all Internet facing servers as soon as possible.

Article Link.

KHeon
Posting Yak Master

135 Posts

Posted - 2002-10-07 : 08:28:35
Just did a test patching on our dev servers (protocol before applying to a production server). Install is manual as in previous hotfixes and took about 30 minutes first pass, half that the second time. Of course this is not in a clustering or replication setup.

Kyle Heon
PixelMEDIA, Inc.
Senior Application Programmer, MCP
kheon@pixelmedia.com
Go to Top of Page

VyasKN
SQL Server MVP & SQLTeam MVY

313 Posts

Posted - 2002-10-08 : 15:01:52
I have a little app that makes sure you are on SP2, backs up all current files, replaces the files. Creates an UNDO script. Complete hotfix installation takes a minute :-) Can't afford anymore than that, especially when dealing with high volume production servers.

Planning to post the app on my website, when I find some time.

--
HTH,
Vyas
http://vyaskn.tripod.com
Go to Top of Page

Merkin
Funky Drop Bear Fearing SQL Dude!

4970 Posts

Posted - 2002-10-08 : 19:05:46
That sounds very handy Vyas. Be sure to post here when you do that, I'm sure there are lots of people that would be interested in something like that.

Damian
Go to Top of Page

ruddyj
Starting Member

1 Post

Posted - 2002-10-21 : 02:26:02
Until Vyas releases his app here is a batch file I have been using. There are a couple of parameters to set at the top, but should be easy enough to follow. << Regards Jim

---snip----
@echo oFF
:: Updated for the 8.00.0679--SQL-FIX
echo ********** This batch file is to apply the post SQLSP2 hotfixes
echo ********** SP2 must be installed!!!!!!!!!!!
echo ********** Ctrl+c to quit this batch

pause
CLS
net stop mssqlserver /y

:: Make the path settings here only.
set MySqlPath=D:\Program Files\Microsoft SQL Server\MSSQL
set MyDataPath=D:\MSSQLDATA\MSSQL
:: NO USER CONFIGURATION NEEDED BELOW HERE
MD "%Mysqlpath%\binnBAK"

pause
@ECHO ON
:::::::::::::: Backup files

copy "%Mysqlpath%\Binn\exe\sqlservr.pdb" "%Mysqlpath%\BinnBAK\sqlservr.pdb.PRE6797"
copy "%Mysqlpath%\binn\sqlservr.exe" "%Mysqlpath%\BinnBAK\sqlservr.PRE6797"
copy "%programfiles%\Microsoft SQL Server\80\COM\impprov.dll" "%Mysqlpath%\BinnBAK\impprov.dll.PRE6797"
copy "%Mysqlpath%\Binn\odsole70.dll" "%Mysqlpath%\BinnBAK\odsole70.dll.PRE6797"
copy "%Mysqlpath%\binn\dll\ssnetlib.pdb" "%Mysqlpath%\BinnBAK\ssnetlib.pdb.PRE6797"
copy "%Mysqlpath%\Binn\xplog70.dll" "%Mysqlpath%\BinnBAK\xplog70.dll.PRE6797"
copy "%Mysqlpath%\Binn\xpqueue.dll" "%Mysqlpath%\BinnBAK\xpqueue.dll.PRE6797"
copy "%Mysqlpath%\Binn\xprepl.dll" "%Mysqlpath%\BinnBAK\xprepl.dll.PRE6797"
copy "%Mysqlpath%\Binn\xpstar.dll" "%Mysqlpath%\BinnBAK\xpstar.PRE6797"
copy "%Mysqlpath%\Binn\xpweb70.dll" "%Mysqlpath%\BinnBAK\xpweb70.dll.PRE6797"
:: Added with 655/667 Patch
copy "%MyDataPath%\data\distmdl.mdf" "%MyDataPath%\backup\distmdl.mdf.PRE6797"
copy "%MyDataPath%\data\distmdl.ldf" "%MyDataPath%\backup\distmdl.ldf.PRE6797"
copy "%Mysqlpath%\install\instdist.sql" "%Mysqlpath%\BinnBAK\instdist.sql.PRE6797"
copy "%Mysqlpath%\install\replcom.sql" "%Mysqlpath%\BinnBAK\replcom.sql.PRE6797"
copy "%Mysqlpath%\install\replmerg.sql" "%Mysqlpath%\BinnBAK\replmerg.sql.PRE6797"
copy "%Mysqlpath%\install\Repltran.sql" "%Mysqlpath%\BinnBAK\Repltran.sql.PRE6797"
copy "%Mysqlpath%\install\replsys.sql" "%Mysqlpath%\BinnBAK\replsys.sql.PRE6797"
copy "%Mysqlpath%\binn\ssnetlib.dll" "%Mysqlpath%\BinnBAK\ssnetlib.dll.PRE6797"
:: Added with 679 Patch
copy "%Mysqlpath%\Binn\sqlcmdss.dll" "%Mysqlpath%\BinnBAK\sqlcmdss.dll.PRE6797"
copy "%Mysqlpath%\Binn\sqlagent.dll" "%Mysqlpath%\BinnBAK\sqlagent.dll.PRE6797"
copy "%Mysqlpath%\Binn\sqlagent.exe" "%Mysqlpath%\BinnBAK\sqlagent.exe.PRE6797"
copy "%programfiles%\Microsoft SQL Server\80\COM\rdistcom.dll" "%Mysqlpath%\BinnBAK\rdistcom.dll.PRE6797"
copy "%programfiles%\Microsoft SQL Server\80\COM\replmerg.exe" "%Mysqlpath%\BinnBAK\replmerg.exe.PRE6797"
copy "%programfiles%\Microsoft SQL Server\80\COM\rinitcom.dll" "%Mysqlpath%\BinnBAK\rinitcom.dll.PRE6797"
copy "%programfiles%\Microsoft SQL Server\80\COM\qrdrsvc.exe" "%Mysqlpath%\BinnBAK\qrdrsvc.exe.PRE6797"
copy "%programfiles%\Microsoft SQL Server\80\COM\logread.exe" "%Mysqlpath%\BinnBAK\logread.exe.PRE6797"
copy "%Mysqlpath%\Binn\resources\1033\sqlcmdss.rll" "%Mysqlpath%\BinnBAK\sqlcmdss.rll.PRE6797"
copy "%Mysqlpath%\Binn\resources\1033\sqlagent.rll" "%Mysqlpath%\BinnBAK\sqlagent.rll.PRE6797"
@ECHO OFF


pause

:::::::::::::: copy new files in.
@ECHO ON
copy sqlservr.exe "%Mysqlpath%\Binn"
copy xpstar.dll "%Mysqlpath%\Binn"
copy exe\sqlservr.pdb "%Mysqlpath%\Binn\exe"
copy impprov.dll "%programfiles%\Microsoft SQL Server\80\COM\"
copy odsole70.dll "%Mysqlpath%\Binn\"
copy xplog70.dll "%Mysqlpath%\Binn\"
copy xpqueue.dll "%Mysqlpath%\Binn\"
copy xprepl.dll "%Mysqlpath%\Binn\"
copy xpweb70.dll "%Mysqlpath%\Binn\"
:: Added with 655/667
copy "instdist.sql" "%Mysqlpath%\install\"
copy "replcom.sql" "%Mysqlpath%\install\"
copy "replmerg.sql" "%Mysqlpath%\install\"
copy "Repltran.sql" "%Mysqlpath%\install\"
copy "replsys.sql" "%Mysqlpath%\install\"
copy "ssnetlib.dll" "%Mysqlpath%\binn\"
copy "ssnetlib.pdb" "%Mysqlpath%\binn\dll\"
copy "distmdl.mdf" "%MyDataPath%\data\"
copy "distmdl.ldf" "%MyDataPath%\data\"
:: Added with 679
copy sqlcmdss.dll "%Mysqlpath%\Binn\"
copy sqlagent.dll "%Mysqlpath%\Binn\"
copy sqlagent.exe "%Mysqlpath%\Binn\"
copy rdistcom.dll "%programfiles%\Microsoft SQL Server\80\COM\"
copy replmerg.exe "%programfiles%\Microsoft SQL Server\80\COM\"
copy rinitcom.dll "%programfiles%\Microsoft SQL Server\80\COM\"
copy qrdrsvc.exe "%programfiles%\Microsoft SQL Server\80\COM\"
copy logread.exe "%programfiles%\Microsoft SQL Server\80\COM\"
copy sqlcmdss.rll "%Mysqlpath%\Binn\resources\1033\"
copy sqlagent.rll "%Mysqlpath%\Binn\resources\1033\"
@ECHO OFF
::call servpriv MSSQLSERVER
::call killpwd.exe

:::::::::::::: Files backed up and copied...Apply SQL script...
pause
NET START mssqlserver
@ECHO ON
sleep 2
osql -E -iqfe356326.sql
sleep 2
osql -E -iSecurityHotfix.sql
sleep 3
:::::::::::::: :::::::::::::: patch complete
NET START SQLSERVERAGENT
@ECHO OFF
@echo ********
@echo ********
@echo ********
@echo ********
@echo ********
@echo ********

@echo ******** If this server is a replication distributor please run
@echo ******** osql -E -ddistribution -iqfe360814_dist.sql from the command line.


@echo ********
@echo ********
@echo ********
@echo ********
@echo ********
@echo ********
@echo ********

pause

Go to Top of Page
   

- Advertisement -