Just discovered what could be a security bug in SP2.
SP2 only includes patches until around 01 FEB 2001, so after installing SP2 you need to at least install/reinstall (If you have allready installed them before installing SP2 they get messed up) the critical updates after this date. These can be found on the following page:
http://www.microsoft.com/windows2000/downloads/critical/default.asp
Now, here comes the bug. SP2 checks evertime a hotfix is installed if it is a pre SP2 hotfix or a pre SP3 hotfix. If it is pre SP2 it will not install it because it should allready be installed.
Two of the pre SP3 hotfixes on
http://www.microsoft.com/windows2000/downloads/critical/default.asp have a wrong filename/build in info, so SP2 thinks they are pre SP2 and therefore won't allow them to be installed:
The updates with the problem are the following:
q291845_w2k_sp2_x86_en.exe 13 MAR 2001
q296576_w2k_sp2_x86_en.exe 01 MAY 2001
They include "_sp2_" instead of "_sp3_" and they are not part of the SP2 package.
So after installing SP2 your system is probably vulnerabel to the following two bugs:
http://www.microsoft.com/windows2000/downloads/critical/q291845/default.asp
http://www.microsoft.com/windows2000/downloads/critical/q296576/default.asp
If you allready installed these before SP2 it is kind of hard to tell how much has been overwritten. I did install them before and all I know is that the registry entry got deleted, so the hotfix checker came up and said they were not there anymore.
Regards Runboy
SP2 only includes patches until around 01 FEB 2001, so after installing SP2 you need to at least install/reinstall (If you have allready installed them before installing SP2 they get messed up) the critical updates after this date. These can be found on the following page:
http://www.microsoft.com/windows2000/downloads/critical/default.asp
Now, here comes the bug. SP2 checks evertime a hotfix is installed if it is a pre SP2 hotfix or a pre SP3 hotfix. If it is pre SP2 it will not install it because it should allready be installed.
Two of the pre SP3 hotfixes on
http://www.microsoft.com/windows2000/downloads/critical/default.asp have a wrong filename/build in info, so SP2 thinks they are pre SP2 and therefore won't allow them to be installed:
The updates with the problem are the following:
q291845_w2k_sp2_x86_en.exe 13 MAR 2001
q296576_w2k_sp2_x86_en.exe 01 MAY 2001
They include "_sp2_" instead of "_sp3_" and they are not part of the SP2 package.
So after installing SP2 your system is probably vulnerabel to the following two bugs:
http://www.microsoft.com/windows2000/downloads/critical/q291845/default.asp
http://www.microsoft.com/windows2000/downloads/critical/q296576/default.asp
If you allready installed these before SP2 it is kind of hard to tell how much has been overwritten. I did install them before and all I know is that the registry entry got deleted, so the hotfix checker came up and said they were not there anymore.
Regards Runboy
Facebook
Twitter