Archive

Archive for July, 2008

MS08-040 Update

SQL Server Service Pack 2 CU7 (and CU8) Includes the Security Patch

If Cumulative Update 7 (CU7) or Cumulative Update 8 (CU8) has been installed for SQL Server 2005 Service Pack 2 (SP2) then there is no need to apply the patch.

The build for the patch is 9.00.3233.

Since the build for CU7 is 9.00.3239 and cumulative updates are cumulative, both CU7 and CU8 include this security patch.

Advertisements
Categories: Patches

Microsoft Releases Critical Fix for SQL Server 7.0-2005

MS08-040: Vulnerabilities in Microsoft SQL Server could allow elevation of privilege

Microsoft released a SQL security update today to address four vulnerabilities found in almost all versions of SQL Server including SQL Server 7.0, SQL Server 2000, SQL Server 2005, and the “Windows Internal” database on Windows Server 2003 and Windows Server 2008.

The more serious of the vulnerabilities could allow an attacker to run code and to take complete control of an affected system. An authenticated attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

This release is considered important and should be applied.

The vulnerabilities can be somewhat mitigated if the SQL service is not running as LocalSystem, or Local Adminstrator privileges.

The vulnerabilities are:

  • Memory Page Reuse Vulnerability (CVE-2008-0085)
  • Convert Buffer Overrun (CVE-2008-0086)
  • SQL Server Memory Corruption Vulnerability (CVE-2008-0107)
  • SQL Server Buffer Overrun Vulnerability (CVE-2008-0106)

The following TechNet article has more information about the vulnerabilities:

htttp://www.microsoft.com/technet/security/bulletin/MS08-040.mspx

The following KB article has more information about the patch:

http://support.microsoft.com/kb/941203

Categories: Patches

Windows Server 2008 Unauthenticated

Windows Server 2008 Unauthenticated Edition

As part of a IIS / SQL Server hosting project I was perplexed when "Windows Unauthenticated Edition" came up in a discussion. I had certainly never heard of it. Neither did had anyone else. Neither had Microsoft Australia.

Windows WebServer 2008

Designed to be used specifically as a single-purpose Web server, Windows Web Server 2008 delivers on a rock-solid foundation of Web infrastructure capabilities in the next-generation Windows Server 2008. Integrated with the newly re-architected IIS 7.0, ASP.NET, and the Microsoft .NET Framework, Windows Web Server 2008 enables any organization to rapidly deploy Web pages, Web sites, Web applications, and Web services.

Windows Server 2008 Unauthenticated

The unauthenticated version of Windows Server 2008 brings all of the power of Windows Server 2008 Enterprise Edition except for applications that require Windows authentication services such as Microsoft Exchange Server, Microsoft Windows SharePoint Services, and Microsoft Office SharePoint Server. It cannot run Active Directory, but in every other aspect it is a fully featured Enterprise Edition install.

Windows Server 2008 Standard

Windows Server 2008 Standard is the most robust Windows Server operating system to date. With built-in, enhanced Web and virtualization capabilities, it is designed to increase the reliability and flexibility of your server infrastructure while helping save time and reduce costs. Powerful tools give you greater control over your servers, and streamline configuration and management tasks. Plus, enhanced security features work to harden the operating system to help protect your data and network and provide a solid, highly dependable foundation for your business.

Windows Server 2008 Enterprise

Windows Server 2008 Enterprise delivers an enterprise-class platform for deploying business-critical applications. Help improve availability with clustering and hot-add processor capabilities. Help improve security with consolidated identity management features. Reduce infrastructure costs by consolidating applications with virtualization licensing rights. Windows Server 2008 Enterprise provides the foundation for a highly dynamic, scalable IT infrastructure.

Windows Server 2008 Datacenter

Windows Server 2008 Datacenter delivers an enterprise-class platform for deploying business-critical applications and large-scale virtualization on small and large servers. Improve availability with clustering and dynamic hardware partitioning capabilities. Reduce infrastructure costs by consolidating applications with unlimited virtualization licensing rights. Scale from 2 to 64 processors. Windows Server 2008 Datacenter provides a foundation on which to build enterprise-class virtualization and scale-up solutions.

The differences between the more "common" editions would seem to be:

Feature

Web

Unauthenticated

Standard

Enterprise

Maximum RAM (32-bit)

4 GB

64 GB

4 GB

64 GB

Maximum RAM (64-bit)

32 GB

2 TB

32 GB

2 TB

Network Access Connections (RRAS)

0

Unlimited

250

Unlimited

Network Access Connections (IAS)

0

Unlimited

50

Unlimited

Terminal Services Gateway

0

Unlimited

250

Unlimited

Remote Desktop Admin Connections

2

2

2

2

Can run Active Directory

No

No

Yes

Yes

Internet Information Service 7.0

Yes

Yes

Yes

Yes

SQL Server Express or better

Yes

Yes

Yes

Yes

SQL Server Workgroup or better

No

Yes

Yes

Yes

Hyper-V

No

No

No

No

Network Access Protection

No

Yes

Yes

Yes

AD Rights management Services(i) (RMS)

No

No

Yes

Yes

Terminal Services Gateway & RemoteApp(ii)

No

No

Yes

Yes

Server Manager

No

Yes

Yes

Yes

Windows Deployment Services

No

No

Yes

Yes

Server Core

Yes

Yes

Yes

Yes

Windows Powershell

Yes

Yes

Yes

Yes

 
Notes:
(i) Incremental RMS CALs required.
(ii) Incremental TS CALs required.
 
There are more "exotic" editions in the form of Windows HPC Server 2008, the Itanium versions, and the non Hyper-V equivalents of Standard/Enterprise/Datacenter.
 
 
 

Categories: Uncategorized