Need help determinig appropriate patches and Updates on Server 2000

Posted on 2006-06-05
Last Modified: 2013-12-04
Hi all,
Boy do I need help.  I am a newbie system administrator.  I have taken over a system that has been neglected for a while.  I have several MS updates that the server has downloaded and qued to install.  I am paranoid to just OK them all.  Here is what I have and the patches that are waiting to be installed.  Please give me your feedback on what should or should not be OK to apply.  I have also asked a few specific questions on some updates.  
Here is what I have running on the Server:
Running Windows Server 2000 SP 4 on Dell Poweredge 4600 Server (is a domain controller)
MS SQL Server 2000
Symantec Antivirus Corp edition 10.0
ActiveState Active Pearl 5.8
Autoit v3
Auto Share Manager
Broadcom Advanced Control Suite
Dell Open Manage Applications
Power Quest Volume Manager 2.0
WinZip 9.0
IE Explorer -  Seldom if ever use it.
Outlook Express – Never used.

Here are the Microsoft updates waiting to be installed:

1.  Cumulative Update for Internet Explorer 6 SP1 (KB912812)
Microsoft Security Bulletin MS06-013  (Question: Server is not used for web browsing so do I really need to install this?).

2.  Cumulative Security Update for Outlook Express (KB911567)
Microsoft Security Bulletin MS06-016 (Question: Server is not used for sending emails so do I really need to install this?).

3.  Security Update for Microsoft Data Access Components 2.5 Service Pack 3 (KB911562)
Microsoft Security Bulletin MS06-014 (Question:  We are running SQL Server 2000, will this update effect that in anyway?  Have several mission critical databases so I don’t want to mess them up.)

4.  Security Update for Windows 2000 (KB896424)
Microsoft Security Bulletin MS05-053
Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution

5.  Security Update for Windows 2000 (KB908519)
Microsoft Security Bulletin MS06-002
Vulnerability in Embedded Web Fonts Could Allow Remote Code Execution (908519)

6.  Security Update for Windows 2000 (KB908531)
Microsoft Security Bulletin MS06-015
Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531)

7.  Security Update for Windows 2000 (KB908523)
Microsoft Security Bulletin MS05-055
Vulnerability in Windows Kernel Could Allow Elevation of Privilege (908523)

8.  Security Update for Windows 2000 (KB912919)
Microsoft Security Bulletin MS06-001
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919)

9.  Security Update for Windows 2000 (KB913580)
Microsoft Security Bulletin MS06-018
Vulnerability in Microsoft Distributed Transaction Coordinator Could Allow Denial of Service (913580)

10.  Security Update for Windows Media Player Plug-in (KB911564)
Microsoft Security Bulletin MS06-006
Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution (911564) (Question:  Media player is not used, so do I really need to install this update?)

11. Update for Windows 2000 (KB904368)
Office programs may stop responding when you save a new file to a floppy disk drive on a Windows 2000-based computer that has Update Rollup 1 for Windows 2000 SP4 installed.  (Question: Office not installed, do I really need to install this update?)

12.  Microsoft® Windows® Malicious Software Removal Tool (KB890830) (Question: Any issues with running this on a server?)

I know this is a long question, so I am awarding it a lot of points.  Thanks.
Question by:ckangas7
    LVL 5

    Accepted Solution

    Hi ckangas7

    To answer your questions - the patches should have been downloaded because those applications are installed on the server so it is potentially vulnerable.  I would suggest either removing the apps or applying the patches.

    The IE ones should defiantely be applied.

    The office one isn't a critiacl or security update so that can probably be ignored.

    The O/S ones and malicious software removal tools should cause no issues.

    The data access components patch should cause no issues, but I would be inclined to test it first if you can.

    I can say that we have several servers running w2k, sql 2000 and SAV 10, and these are up to date with all microsoft security patches.

    While experience suggests you will have no issues, this is obviously not any sort of guarantee on my part and you apply the patches at your own risk - just thought I should add a disclaimer to cover myself.

    Ideally you should test them on a similarly configured test server (maybe use VMWare to build one if you are short on hardware - VMWare server is now free!).

    hope this helps


    LVL 23

    Assisted Solution

    All of those are fine to install in my opinion.  The malicious software removal tool comes out every month, which is a pain sometimes, but it's harmless.

    I wouldn't worry about the office update (Question 9), but it won't hurt anything.

    Make sure an run the MBSA from MS as well:

    Featured Post

    Why You Should Analyze Threat Actor TTPs

    After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

    Join & Write a Comment

    Recently, a new law in my state forced us to get a top-to-bottom analysis of all of our contract client's networks. While we have documentation, it was spotty at best for some - and in any event it needed to be checked against reality. That was m…
    This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
    In this sixth video of the Xpdf series, we discuss and demonstrate the PDFtoPNG utility, which converts a multi-page PDF file to separate color, grayscale, or monochrome PNG files, creating one PNG file for each page in the PDF. It does this via a c…
    Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now