Update Rollup 1 for Windows 2000 SP4
(Details)
| Article ID |
: |
891861 |
| Last Review |
: |
June 28, 2005 |
| Revision |
: |
5.0 |
On this page
SUMMARY
This article describes
Update Rollup 1 for Microsoft Windows 2000 Service Pack 4 (SP4). Update Rollup 1
for Windows 2000 SP4 was released June 28, 2005. This update rollup contains a
list of security-related updates produced for Windows 2000 between the release
of Windows 2000 SP4 and April 30, 2005. April 30, 2005 is the date when the
contents for Update Rollup 1 were locked down for final testing by Microsoft,
external beta testing sites, and customer sites. Additionally, this update
rollup contains several important non-security updates. This article contains
detailed information about this update rollup, answers frequently asked
questions about this update rollup, and lists the fixes that are included in
this update rollup.
INTRODUCTION
This article contains
information about Update Rollup 1 for Windows 2000 SP4 and answers frequently
asked questions about this update rollup. This article also lists the fixes that
are included in this update rollup and includes information about
security-related changes in the Windows 2000 Telephony Application Programming
Interface (TAPI). Update Rollup 1 for Windows 2000 SP4 makes it easier for
customers to enhance and maintain the security and stability of their Windows
2000-based computers. For more information about the problems that are fixed in
Update Rollup 1 for Windows 2000 SP4, click the following article number to view
the article in the Microsoft Knowledge Base:
900345 Problems that are
fixed in the Update Rollup 1 for Windows 2000 Service Pack 4 that is dated June
28, 2005
MORE INFORMATION
Download
information
To download and install
Update Rollup 1 for Windows 2000 SP4, visit the following Microsoft Windows
Update Web site, and then install high-priority update 891861:
You can also download
this update rollup to deploy to multiple Windows 2000-based computers. The
package is available from the Microsoft Download Center. To download the package
from the Windows Update Catalog, search for this article ID number (891861) by
using the Advanced Search Options feature in the Windows Update Catalog. For
more information about how to download updates from the Windows Update Catalog,
click the following article number to view the article in the Microsoft
Knowledge Base:
323166 How to download
Windows updates and drivers from the Windows Update Catalog
The following file is available for
download from the Microsoft Download Center:
Download
the Windows2000-KB891861-x86-ENU.EXE package now.
Release
Date: June 27, 2005
For more information about how to download Microsoft
Support files, click the following article number to view the article in the
Microsoft Knowledge Base:
119591 How to obtain
Microsoft support files from online services
Microsoft scanned this
file for viruses. Microsoft used the most current virus-detection software that
was available on the date that the file was posted. The file is stored on
security-enhanced servers that help prevent any unauthorized changes to the
file.
By including the most important updates for Windows 2000, Update
Rollup 1 for Windows 2000 SP4 helps customers to make existing Windows
2000-based computers more secure and up to date. Update Rollup 1 for Windows
2000 SP4 will also make it easier for customers to build new deployment images.
This update rollup should require less pre-deployment testing because the number
of updates included in Update Rollup 1 for Windows 2000 SP4 is significantly
smaller than the number of updates that are typically included in a service
pack. Most customers will have current versions of many of the files already
installed from prior updates. Additionally, Microsoft will have already released
most of the contents of the update rollup as individual updates and hotfixes.
Individual hotfixes that are not included in this update rollup and that are
released after Windows 2000 SP4 was released will be available as individual
downloads.
Because Microsoft believes that Update Rollup 1 for Windows
SP4 will meet the needs of customers better than a new service pack for Windows
2000, Microsoft will not release a Service Pack 5 for Windows 2000. Therefore,
Windows 2000 SP4 is the final service pack for Windows 2000. Customers who have
not yet deployed Windows 2000 SP4 should consider deploying Windows 2000 SP4 as
soon as possible. Windows 2000 with SP4 is a prerequisite for Update Rollup 1
for Windows 2000 SP4.
Frequently asked
questions
Q1: Why does
Microsoft believe that Update Rollup 1 for Windows 2000 SP4 meets the needs of
customers better than a service pack for Windows 2000?
A1: Microsoft
talked to many customers about their plans for maintaining their Windows 2000
deployments. The most frequent requests were for Microsoft to make it as easy as
possible to keep Windows 2000-based computers up to date from a security
perspective, and to reduce the amount of pre-deployment testing that customers
have to perform. Update rollups help customers to make their computers more
secure. Update rollups also help customers to build new system images without
having to apply and to track lots of individual hotfixes. The Update Rollup 1
for Windows 2000 SP4 should require less pre-deployment testing because the
number of updates that are included in the update rollup is significantly
smaller than the number of updates that are typically included in a service
pack. Additionally, Microsoft will have already released most of the contents of
Update Rollup 1 for Windows 2000 SP4 as individual updates and
hotfixes.
Because Windows 2000 has reached a high level of product
maturity, many of the Windows 2000 hotfixes that have been released since
Windows 2000 SP4 was released address relatively obscure issues that affect a
small number of customers. At this point in the life cycle of Windows 2000, an
update rollup provides the maximum utility at the minimum risk of instability.
Q2: How will Microsoft
list Update Rollup 1 for Windows SP4 on the Windows Update Web site?
A2:
The Update Rollup 1 for Windows SP4 is a high-priority update on the Windows
Update Web site. On the Windows Update site, this update rollup will be listed
in the “Critical and Service Packs” category. Windows Update will be
transitioning Windows 2000 customers to a new version of Windows Update during
the next few months. After this transition, Update Rollup 1 for Windows 2000 SP4
will be listed in the “High Priority Updates” category.
Q3: Should I install
Update Rollup 1 even if I have kept my Windows 2000 SP4 systems up to date?
A3: Yes. Update Rollup 1 contains additional important fixes in files
that have not previously been part of individual security updates, as described
in the Knowledge Base Article. In addition, the Update Rollup 1 contains
additional enhancements that increase system security, reliability, reduce
support costs, and support the current generation of PC hardware. In some cases,
the individual binary files released in previous individual security updates may
have been updated via individual hotfixes to address minor compatibility issues
introduced in those prior security updates that affected individual customers.
The latest versions of those files are included in the Update Rollup.
Therefore, even if a system is fully up to date with prior security
releases, Windows Update will still detect and apply the Update Rollup.
Customers who use managed security update deployment solutions should evaluate
the need to deploy Update Rollup 1 within their infrastructure
Q4: Will Update Rollup
1 for Windows 2000 SP4 be distributed over Automatic Updates?
A4:
Initially the Update Rollup will not be distributed over Automatic Updates. This
is due to the upcoming transition from the Windows Update v4 to the v6
infrastructure during July 2005. Update Rollup is designed to work with
Automatic Updates using the v6 infrastructure, not the v4 infrastructure. Once
the v6 infrastructure transition is complete, expected in early July 2005,
Automatic Updates will be enabled for Update Rollup.
Q5: Will there be an administrative blocking tool
for Update Rollup 1 like there was for Windows XP SP2?
A5: No, Update
Rollup 1 for Windows 2000 SP4 is not a service pack. Therefore, this update
rollup does not require the same level of deployment control. This update rollup
is treated like other security or reliability updates, which are normally
distributed over Windows Update and via Automatic Updates.
Q6: Do I have to
install the individual security bulletin updates before I install Update Rollup
1 for Windows 2000 on new installations of Windows 2000?
A6: No. First
install SP4 for Windows 2000, and then install the update rollup. After you
install Update Rollup 1 for Windows 2000 SP4, run Windows Update to find and
additional updates that were released after April 30, 2005 or that were
otherwise not included in Update Rollup 1 for Windows 2000 SP4.
Q7: Will customers be
required to deploy Update Rollup 1 for Windows 2000 SP4?
A7: There will
be no requirement for customers to deploy Update Rollup 1 for Windows 2000 SP4.
Microsoft designed the update rollup to make it easy to keep Windows 2000-based
computers up to date with security updates and other important updates.
Therefore, when the update rollup is released, we strongly recommend that
customers deploy Update Rollup 1 for Windows 2000 SP4 as soon as they can.
Q8: After Update Rollup
1 for Windows SP4 is deployed to a computer that is running Windows 2000 SP4,
will the service pack level of Windows 2000 change?
A8: No. The service
pack level of the computer remains as Windows 2000 SP4. After you deploy Update
Rollup 1 for Windows SP4, the computer will be up to date from a life-cycle
policy perspective until the end-of-life date for Windows 2000. The end-of-life
date for Windows 2000 will be no sooner than January 1, 2010.
Q9: Is this the first
time that Microsoft has produced an update rollup instead of a service pack?
A9: No. Microsoft has produced update rollups before.
For more
information about an update rollup that was previously released by Microsoft,
visit the following Microsoft Web site:
For more information about update
rollups that were previously released by Microsoft, click the following article
numbers to view the articles in the Microsoft Knowledge Base:
826939 Update Rollup 1 for
Windows XP is available
311401 Windows 2000 Security
Rollup Package 1 (SR311401), January 2002
Q10: If Update
Rollup 1 for Windows 2000 SP4 offers significant benefits over a new service
pack, why does Microsoft not always use update rollups? That is, why does
Microsoft not use update rollups instead of service packs?
A10: Service
packs and update rollups play different, yet complimentary roles. Service packs
are good for the delivery of lots of important updates and new features that
customers request to have before the next release of a major operating system.
Update rollups are good for the delivery of a selected group of updates as an
interim release vehicle. Update rollups are used when there is a longer than
typical gap between service packs for a particular product. Later in the life
cycle of a product, update rollups also are a good mechanism to use to make it
easier for customers to keep their computers up to date without requiring
customers to deploy all the updates that are available for a product.
Q11: How does Microsoft
determine the contents of Update Rollup 1 for Windows 2000 SP4? That is, how
does Microsoft decide what are the most popular or important hotfixes to include
in the update rollup?
A11: Microsoft examined the number of times that
customers have requested and have downloaded individual hotfixes from Microsoft
Web sites and from Product Support. Microsoft also evaluates potential
operational cost savings that are based on the experiences that Microsoft has in
its own Microsoft Windows 2000 data center environment.
Q12: What kinds of
updates are included in Update Rollup 1 for Windows 2000 SP4?
A12: The
Update Rollup 1 for Windows 2000 SP4 will contain all security-related updates
that are produced for Windows 2000 between the release of SP4 and April 30,
2005, when the contents for Update Rollup 1 were locked down for final testing
by Microsoft and by external beta & customer sites. The Update Rollup 1 for
Windows 2000 SP4 will also contain a small number of important non-security
updates. The Update Rollup 1 for Windows 2000 SP4 will contain updates that meet
the following criteria:
| • |
Updates that broadly apply to a
variety of customers. |
| • |
Updates that are frequently
downloaded by customers. |
| • |
Updates that have the potential
to help customers significantly decrease their IT costs. For example,
Update Rollup 1 for Windows 2000 SP4 will contain updates that address
issues that are time-consuming for support professionals to troubleshoot
and fix. |
| • |
Updates that were shipped to lots of new
computers by major Windows original equipment manufacturers (OEMs) since
Windows 2000 SP4 was released.
|
Q13: What are
the specific updates and hotfixes that are included in Update Rollup 1 for
Windows 2000 SP4?
A13: The following table lists all the updates and
hotfixes that are included in Update Rollup 1 for Windows 2000 SP4.
Fixes that are included
in Update Rollup 1 for Windows 2000 SP4
Update Rollup 1 for
Windows 2000 SP4 includes the following post-SP4 fixes:
| Security Bulletin |
Article title |
Article
number |
|
MS02-050 |
Certificate validation flaw
might permit identity spoofing |
|
|
MS03-030 |
Unchecked Buffer in DirectX
Could Enable System Compromise |
|
|
MS03-022 |
Vulnerability in ISAPI
Extension for Windows Media Services may cause code
execution |
|
|
MS03-025 |
Flaw in Windows message
handling through Utility Manager could enable privilege
elevation |
|
|
MS03-041 |
Vulnerability in Authenticode
Verification Could Allow Remote Code Execution |
|
|
MS03-023 |
Buffer overrun in the HTML
converter could allow code execution |
|
|
MS03-026 |
Buffer Overrun in RPC May
Allow Code Execution |
|
|
MS03-034 |
Flaw in NetBIOS could lead to
information disclosure |
|
|
MS03-045 |
Buffer overrun in the ListBox
and in the ComboBox Control could allow code execution |
|
|
MS03-039 |
A buffer overrun in RPCSS
could allow an attacker to run malicious programs |
|
|
MS03-044 |
Buffer overrun in Windows
Help and Support Center could lead to system compromise |
|
|
MS03-042 |
Buffer Overflow in Windows
Troubleshooter ActiveX Control Could Allow Code Execution |
|
|
MS03-043 |
Buffer overrun in Messenger
service could allow code execution |
|
|
MS03-049 |
Buffer Overrun in the
Workstation Service Could Allow Code Execution |
|
|
MS03-008 |
Flaw in Windows Script Engine
may allow code to run |
|
|
MS04-007 |
An ASN.1 vulnerability could
allow code execution |
|
|
MS04-008 |
Vulnerability in Windows
Media Services could allow a Denial of Service attack |
|
|
MS04-012 |
Cumulative Update for
Microsoft RPC/DCOM |
|
|
MS04-006 |
A vulnerability in the
Windows Internet Name Service (WINS) could allow code
execution |
|
|
MS04-011 |
Security Update for Microsoft
Windows |
|
|
MS04-014 |
Vulnerability in the
Microsoft Jet Database Engine could permit code execution |
|
|
MS04-016 |
Vulnerability in DirectPlay
could allow denial of service |
|
|
MS04-024 |
A vulnerability in the
Windows shell could allow remote code execution |
|
|
MS04-023 |
Vulnerability in HTML Help
could allow code execution |
|
|
MS04-020 |
A vulnerability in POSIX
could allow code execution |
|
|
MS04-022 |
A vulnerability in Task
Scheduler could allow code execution |
|
|
MS04-019 |
A vulnerability in Utility
Manager could allow code execution |
|
|
MS04-030 |
Vulnerability in WebDAV XML
message handler could lead to a denial of service |
|
|
MS04-032 |
Security update for Microsoft
Windows |
|
|
MS04-037 |
Vulnerability in Windows
shell could allow remote code execution |
|
|
MS04-031 |
Vulnerability in NetDDE could
allow remote code execution |
|
|
MS04-045 |
Vulnerability in WINS could
allow remote code execution |
|
|
MS04-043 |
Vulnerability in
HyperTerminal could allow code execution |
|
|
MS04-044 |
Vulnerabilities in Windows
Kernel and LSASS could allow elevation of privilege |
|
|
MS04-041 |
A vulnerability in WordPad
could allow code execution |
|
|
MS05-003 |
Vulnerability in the Indexing
Service could allow remote code execution |
|
|
MS05-008 |
Vulnerability in Windows
shell could allow remote code execution |
|
|
MS05-011 |
Vulnerability in server
message block could allow remote code execution |
|
|
MS05-010 |
Vulnerability in the License
Logging service could allow code execution |
|
|
MS05-015 |
Vulnerability in hyperlink
object library could allow remote code execution in Windows Server
2003 |
|
|
MS05-001 |
Vulnerability in HTML Help
could allow code execution |
|
|
MS05-013 |
Vulnerability in the DHTML
editing component ActiveX control could allow code
execution |
|
|
MS05-002 |
Vulnerability in cursor and
icon format handling could allow remote code execution |
|
|
MS05-012 |
Vulnerability in OLE and COM
could allow remote code execution |
|
|
MS05-016 |
Vulnerability in Windows
Shell that could allow remote code execution |
|
|
MS05-019 |
Vulnerabilities in TCP/IP
could allow remote code execution and denial of service |
|
|
MS05-017 |
Vulnerability in MSMQ could
allow code execution |
|
|
MS05-018 |
Vulnerabilities in Windows
kernel could allow elevation of privilege and denial of
service |
|
|
MS05-020 |
Cumulative security update
for Internet Explorer |
|
|
MS03-022 |
Vulnerability in ISAPI
Extension for Windows Media Services may cause code
execution |
|
|
MS05-014 |
Cumulative security update
for Internet Explorer |
|
For more information about the
problems that are fixed in Update Rollup 1 for Microsoft Windows 2000 SP4, click
the following article number to view the article in the Microsoft Knowledge
Base:
900345 Problems that are
fixed in the Update Rollup 1 for Microsoft Windows 2000 Service Pack 4 that is
dated June 28, 2005
Update Rollup 1 for
Windows 2000 SP4 TAPI information
Update Rollup 1 for
Windows 2000 SP4 changes how Telephony server and client computers communicate
using Telephony Application Programming Interface (TAPI).
After you
install the Update Rollup 1 for Windows 2000 SP4, Windows 2000 telephony clients
only accept encrypted RPC packets from the telephony server. Therefore, the
client does not communicate with a telephony server that sends non-encrypted RPC
packets. However, this does not apply to TAPI deployments where the client
computers are using mailslot instead of RPC for communications with the
telephony server or where the telephony server is using mailslot for
communications.
By default, Windows 2000 clients use mailslot to
communicate with the telephony server. Windows 2000 clients use RPC only when
explicitly configured as connection oriented when you use tcmsetup with the -x
switch. For example;
tcmsetup /r /x /c ServerName
Where
ServerName is the name of the telephony server.
Known issues
For more information
about known issues that may occur when you install the Update Rollup 1 for
Windows 2000 SP4, click the following article number to view the article in the
Microsoft Knowledge Base:
901159 Some Internet Security
Systems products stop running after you install the revised MS05-019 security
update on a Windows 2000-based computer
Notes
Update Rollup for
Windows 2000 does not contain updates for individual Windows components not
included with a clean slipstream install of Windows 2000 SP4. If there are
components previously installed or updated on the system, the individual
security updates must be downloaded separately from Windows Update.
Examples include the following:
|
• |
MS03-011 - Flaw in Microsoft
VM Could Enable System Compromise (KB816093) - The Microsoft VM is not
included in SP4 natively. However the VM may be resident on systems which
were updated to SP4 from a prior SP or installed by a third party software
package. |
|
• |
Internet Explorer 6 and
Outlook Express 6 – Internet Explorer 5.01 was originally included with
Windows 2000. Service Packs for Windows 2000 only service this original
version. Microsoft recommends that you install Internet Explorer 6 SP1 and
the current cumulative Internet Explorer security updates on Windows 2000
computers for maximum
security. |
