Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. ISA Server 2004 and ISA Server 2006 may be affected by the security updates in Microsoft Knowledge Base articles 960082 and 960083

ISA Server 2004 and ISA Server 2006 may be affected by the security updates in Microsoft Knowledge Base articles 960082 and 960083

View products that this article applies to.

Symptoms

In a Microsoft Internet Security and Acceleration (ISA) Server 2004 or ISA Server 2006 environment, you try to install one of the security updates for Microsoft SQL Server 2000 and SQL Server 2000 Desktop Engine (MSDE 2000) that are described in the following Microsoft Knowledge Base articles:
960082 MS09-004: Description of the security update for SQL Server 2000 GDR and MSDE 2000: February 10, 2009
960083 MS09-004: Description of the security update for SQL Server 2000 QFE and MSDE 2000: February 10, 2009
By default, this update is recommended. However, ISA Server 2004 and ISA Server 2006 could be affected by this update in the following ways.

Issue 1

The MSSQL$MSFW service is stopped, and then restarted when the associated database instances are updated. This action occurs if SQL Server 2000 or MSDE 2000 is installed on the computer that is running ISA Server. This action also stops the Microsoft Firewall service. Therefore, the SQL Server installer tries to return the Microsoft Firewall service to the same state that it was in before the update was started. Because the update installer cannot control services on a remote server, you must monitor and possibly restart the Microsoft Firewall service and the dependent services if ISA Server is configured for remote SQL Server logging.

Important The SQL Server 2000 SP4 installer also stops, and then tries to restart the Microsoft Firewall service. However, the service may not correctly restart after you install the security update. In this case, you may have to restart the service manually.

Issue 2

ISA Server 2006 installs MSDE 2000 together with SQL Server 2000 SP4.

↑ Back to the top

Cause

Issue 1

This issue occurs because ISA Server disables remote network connectivity for the ISA Server MSDE instance (MSSQL$MSFW) to prevent vulnerability to network-based SQL attacks. Additionally, the ISA Server 2004 Setup program installs a pre-SQL Server 2000 Service Pack 4 (SP4) version of MSDE.

Issue 2

This issue occurs because ISA Server 2000 is not affected by the SQL Server security update. ISA Server 2000 may be configured to use a remote instance of SQL Server for logging. If that instance of SQL Server is updated, ISA Server 2000 may be affected in the same manner as ISA Server 2004 and ISA Server 2006. Because the update installer cannot control services on a remote server, you must monitor and possibly restart the ISA Server services.

↑ Back to the top

Resolution

To resolve Issue 1, follow these steps:
  1. Download and install SQL Server 2000 SP4. To obtain and install SQL Server 2000 SP4, visit the following Microsoft Web site:
    http://www.microsoft.com/downloads/details.aspx?FamilyID=8e2dfc8d-c20e-4446-99a9-b7f0213f8bc5
  2. Enter the following at a command prompt to upgrade the instance of the ISA Server 2004 version of MSDE 2000 to the version of MSDE that is included with SQL Server 2000 SP4:
    setup /upgradesp sqlrun instancename=MSFW /l*v c:\msde2Ksp4.log

↑ Back to the top

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top

Keywords: kbtshoot, kbexpertiseinter, kbsurveynew, kbprb, KB967094

↑ Back to the top

Article Info
Article ID : 967094
Revision : 3
Created on : 2/10/2009
Published on : 2/10/2009
Exists online : False
Views : 475