July 9, 2008 at 8:16 am
It would appear MS has released a patch for a new vulnerability
KB948110 and KB948111
One is a QFE and the other is a GDR.
Are we supposed to apply both?
http://www.microsoft.com/technet/security/bulletin/ms08-040.mspx
July 9, 2008 at 9:05 am
its an either\or depending on your exact version of SQL (run select @@version), and compare that to the table in the FAQ section in
http://www.microsoft.com/technet/security/bulletin/ms08-040.mspx
---------------------------------------------------------------------
July 9, 2008 at 9:19 am
I think it's the same one released under two different code paths. QFE is a quick fix, usually for one customer. The equivalent is a GDR, general release.
First security fix for SQL Server 2005.
July 9, 2008 at 9:33 am
Thanks for the info.
I am running on Windows 2000 server. The hotfix indicates it only supports these OSs:
System Requirements
Supported Operating Systems: Windows Server 2003; Windows Vista; Windows XP
Windows 2003, Vista, Windows XP
Should I not apply it?
Thanks again
July 10, 2008 at 6:53 am
jscii,
its hard to be 100% sure because theres a lot of info there and can't see the wood for the trees. I get the impression patch is not for windows 2000 because it is no longer supported. I recommend you contact microsoft,
another thing I can't find is what's the backout if install goes wrong. I've got 60+ servers to do! :w00t:
---------------------------------------------------------------------
July 10, 2008 at 7:20 am
If this patch sets the version number to 2273 does this mean that it also applies all of the hotfixes up to that point after sp4 and if so, does anyone know of any known problems with this?
Thanks
July 10, 2008 at 7:57 am
If you are at 2039 (sp4) then you are applying the GDR which will apply all fixes up to and including 2273, patches are always cumulative unless its specifically designated a one off fix.
I have upgraded from 2039 to 2187 (the last hotfix roll up) many times with no issues.
---------------------------------------------------------------------
July 10, 2008 at 8:06 am
It doesn't say that in the article though, for hotfixes it always states that it's cummulative, I presummed that it probably is cummulative but want to make sure.
It's a bit odd though, you're not supposed to install hotfixes unless they apply to you as they are not fully tested, you're supposed to wait for the next sp so if this is a recommended update does it mean all the hotfixes have now been fully tested and why haven'e they called it sp5 instead?
😀
July 10, 2008 at 10:10 am
Buxton69 (7/10/2008)
It doesn't say that in the article though, for hotfixes it always states that it's cummulative, I presummed that it probably is cummulative but want to make sure.its cumulative
It's a bit odd though, you're not supposed to install hotfixes unless they apply to you as they are not fully tested, you're supposed to wait for the next sp so if this is a recommended update does it mean all the hotfixes have now been fully tested and why haven'e they called it sp5 instead?
😀
security patches are an exception to that.
you've cross posted:
http://www.sqlservercentral.com/Forums/Topic531587-146-1.aspx
please stick to one or other
---------------------------------------------------------------------
July 10, 2008 at 10:52 am
I contacted MS tech support and they indicated the hotfix can be applied to servers running Windows 2000 SP4.
Hope this helps.
July 10, 2008 at 12:32 pm
you've cross posted:
http://www.sqlservercentral.com/Forums/Topic531587-146-1.aspx
please stick to one or other
Each post relates to a different version of SQL Server which is why there are different forums.
July 10, 2008 at 1:07 pm
thanks for the feedback...........
---------------------------------------------------------------------
September 8, 2008 at 5:40 am
Hi,
Can someone please tell me which of the two is the GDR update (the one with all the hotfixes till then). Is that KB948110 or KB948111.
When I look at the Microsoft documentation then it states that KB948110 is the GDR hotfix and KB948111 is the QFE hotfix. But when I look at the sizes then hotfix KB948110 is about 10mb in size and KB948111 is 22mb in size. So it looks to me as if the QFE hotfix contains all the hotfixes untill then.
Can anyone shine a light on this for me...
Thanks.
September 8, 2008 at 6:21 am
expand the FAQ section on article http://www.microsoft.com/technet/security/Bulletin/MS08-040.mspx, that will explain it.
which fix you apply depends on your current version of SQL (run select @@version). I have applied both patches, and both work fine.
---------------------------------------------------------------------
September 8, 2008 at 6:41 am
Hi George,
Thanks for your quick answer... But I'm still not sure which hotfix does what...
I was running Sql Server 2000 build 2187 in a test environment. So I applied hotfix 2273 (KB948111) and the build of Sql Server went to 2273. Can you tell me if this hotfix contains all previous hotfixes or not, because after hotfix 2187 we didn't apply any other hotfixes, but I want some of them applied as well. Or do I need to apply those older hotfixes first and apply the security hotfix after them.
Thanks in advance...
Viewing 15 posts - 1 through 15 (of 15 total)
You must be logged in to reply to this topic. Login to reply