ISA Server 2004 and ISA Server 2006 may be affected by the security updates in Microsoft Knowledge Base articles 960082 and 960083
In a Microsoft Internet Security and Acceleration (ISA) Server 2004 or ISA Server 2006 environment, you try to install one of the security updates for Microsoft SQL Server 2000 and SQL Server 2000 Desktop Engine (MSDE 2000) that are described in the following Microsoft Knowledge Base articles:
960082 MS09-004: Description of the security update for SQL Server 2000 GDR and MSDE 2000: February 10, 2009
960083 MS09-004: Description of the security update for SQL Server 2000 QFE and MSDE 2000: February 10, 2009By default, this update is recommended. However, ISA Server 2004 and ISA Server 2006 could be affected by this update in the following ways.
Issue 1The MSSQL$MSFW service is stopped, and then restarted when the associated database instances are updated. This action occurs if SQL Server 2000 or MSDE 2000 is installed on the computer that is running ISA Server. This action also stops the Microsoft Firewall service. Therefore, the SQL Server installer tries to return the Microsoft Firewall service to the same state that it was in before the update was started. Because the update installer cannot control services on a remote server, you must monitor and possibly restart the Microsoft Firewall service and the dependent services if ISA Server is configured for remote SQL Server logging.
Important The SQL Server 2000 SP4 installer also stops, and then tries to restart the Microsoft Firewall service. However, the service may not correctly restart after you install the security update. In this case, you may have to restart the service manually.
Issue 2ISA Server 2006 installs MSDE 2000 together with SQL Server 2000 SP4.
Issue 1This issue occurs because ISA Server disables remote network connectivity for the ISA Server MSDE instance (MSSQL$MSFW) to prevent vulnerability to network-based SQL attacks. Additionally, the ISA Server 2004 Setup program installs a pre-SQL Server 2000 Service Pack 4 (SP4) version of MSDE.
Issue 2This issue occurs because ISA Server 2000 is not affected by the SQL Server security update. ISA Server 2000 may be configured to use a remote instance of SQL Server for logging. If that instance of SQL Server is updated, ISA Server 2000 may be affected in the same manner as ISA Server 2004 and ISA Server 2006. Because the update installer cannot control services on a remote server, you must monitor and possibly restart the ISA Server services.
To resolve Issue 1, follow these steps:
- Download and install SQL Server 2000 SP4. To obtain and install SQL Server 2000 SP4, visit the following Microsoft Web site:
- Enter the following at a command prompt to upgrade the instance of the ISA Server 2004 version of MSDE 2000 to the version of MSDE that is included with SQL Server 2000 SP4: setup /upgradesp sqlrun instancename=MSFW /l*v c:\msde2Ksp4.log
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
SQL ISA MSDE install
Article ID: 967094 - Last Review: 02/10/2009 19:06:51 - Revision: 1.2
Microsoft SQL Server 2000 Service Pack 4, Microsoft Windows Server 2003 Service Pack 2, Microsoft Windows Server 2003 Service Pack 1, Microsoft Windows Server 2003, Datacenter x64 Edition, Microsoft Windows Server 2003, Enterprise x64 Edition, Microsoft Windows Server 2003, Standard x64 Edition, Microsoft Windows 2000 Service Pack 4
- kbtshoot kbexpertiseinter kbsurveynew kbprb KB967094