Windows NT 4.0 received seven service packs during its lifecycle, as well as numerous service rollup packages and option packs. Only the first service pack was made available for the MIPS architecture, Service Pack 2 was the final release for the PowerPC architecture, and Service Pack 6 was the final release for the Alpha architecture. Service Pack 6a (SP6a) is the last released service pack for Windows NT 4.0.
Service Pack 7 was planned at one stage in early 2001, but this became the Post SP6a Security Rollup and not a full service pack, released on July 26, 2001, 16 months following the release of Windows 2000 and nearly three months prior to the release of Windows XP.[42]
Microsoft Windows NT 4.0 Service Pack 2 full version
In addition to bug fixes, the service packs also added a multitude of new features such as Ultra DMA mode for disk drives along with bus mastering, newer versions of Internet Information Services, user accounts and user profile improvements, smart card support, improved symmetric multiprocessing (SMP) scalability, clustering capabilities, COM support improvements, Event Log service, MS-CHAPv2 and NTLMv2, SMB packet signing, Syskey, boot improvements, WINS improvements, Routing and Remote Access Service (RRAS), PPTP, DCOM/HTTP tunneling improvements, IGMPv2, WMI, Active Accessibility and NTFS 3.0 support among others.[43]
This is a buffer overrun vulnerability. However, it is most likely a denial of service vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.
Although it is most likely that only a denial of service would result, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges. If an attacker caused the affected system to become unresponsive, an administrator could restore normal functionality by restarting the affected system. However, the system could remain susceptible to a new denial of service attack until the update was applied.
In Windows 2000 and Windows XP, an attacker who successfully exploited this vulnerability could cause an affected system to stop accepting SSL connections. In Windows Server 2003, an attacker could cause the affected system to automatically restart. During that time, the affected system would not be able to respond to authentication requests. After restart, the affected system would be restored to typical functionality. However, it would still be susceptible to a new denial of service attack unless the update is applied.
A remote code execution vulnerability exists in the Microsoft ASN.1 Library. The vulnerability is caused by a possible "double-free" condition in the Microsoft ASN.1 Library that could lead to memory corruption on an affected system. An attacker who successfully exploited this vulnerability could take complete control of an affected system. However, under the most likely attack scenario this issue is a denial of service vulnerability.
While potentially a remote code execution vulnerability, this is most likely a denial of service vulnerability. However, an attacker who successfully exploited this vulnerability to allow code execution could gain complete control over an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.
This article describes how to install multiple Windows product updates (for example, critical updates, security patches, or hotfixes) that use Hotfix.exe (Microsoft Windows NT 4.0) or Update.exe (Microsoft Windows 2000, Microsoft Windows XP, or Microsoft Windows Server 2003) with only one restart. This article is intended for administrators and IT professionals. You can install Windows product updates that use Hotfix.exe or Update.exe either alone or in combination with Windows (with or without a service pack).Note The procedure that is described in this article does not work for product updates that do not use Hotfix.exe or Update.exe as the installation program. For example, Internet Explorer updates for Windows NT 4.0, Windows 2000, and Windows XP use an INF-based installation instead of Update.exe. As a result, you cannot use this procedure to install multiple Microsoft Internet Explorer updates with only one restart on Windows NT 4.0, Windows 2000, or Windows XP. Because Internet Explorer updates for Windows Server 2003 use Update.exe as the installation program, you can use this procedure to install them.For additional information about these topics, see the following Microsoft Web sites:Windows 2000
Client and server operating system versions, client and server programs, service pack versions, hotfixes, schema changes, security groups, group memberships, permissions on objects in the file system, shared folders, the registry, Active Directory directory service, local and Group Policy settings, and object count type and location
Clients that do not support LDAP signing will not be able to carry out LDAP queries against domain controllers and against global catalogs if NTLM authentication is negotiated and if the correct service packs are not installed on Windows 2000 domain controllers.
Windows Server 2003: By default, security settings on domain controllers that run Windows Server 2003 are configured to help prevent domain controller communications from being intercepted or tampered with by malicious users. For users to successfully communicate with a domain controller that runs Windows Server 2003, client computers must use both SMB signing and encryption or secure channel traffic signing. By default, clients that run Windows NT 4.0 with Service Pack 2 (SP2) or earlier installed and clients that run Windows 95 do not have SMB packet signing enabled. Therefore, these clients may not be able to authenticate to a Windows Server 2003-based domain controller.
To resolve this problem, obtain the latest service pack for Windows NT 4.0 or Windows NT Server 4.0, Terminal Server Edition. For additional information, please see the following article in the Microsoft Knowledge Base:
Site Server 3.0 Installation Steps Install Microsoft Windows NT Server 4.0. Microsoft recommends that you install Windows NT Server 4.0 as a stand-alone or member server, rather than as a domain controller. For more information, see the Site Server 3.0 Getting Started booklet. Do not use a computer name that is more than 12 characters long. See Q195298 Install Windows NT onto an NTFS partition. By default, the Windows NT Setup program is configured to install IIS 2.0. You do not need to install IIS 2.0, but it does not cause any harm if you do install IIS 2.0.
Install Microsoft Windows NT 4.0 Service Pack 3. Do not substitute Windows NT 4.0 Service Pack 4 or later at this point.
Install Microsoft Internet Explorer 4.01 Service Pack 2 using the Standard installation. Do not substitute Internet Explorer 5.0 at this point. Q216709. If you install Internet Explorer 4.01 Service Pack 2 after you install the Windows NT 4.0 Option Pack (NTOP), the Protected Storage service may not function properly. Q185029.
Install the Microsoft Windows NT 4.0 Option Pack. If you are prompted, perform an "Upgrade Plus" installation. Install Index Server, Windows Scripting Host, and under the IIS options, install the SMTP server. These options are not installed by default. You must perform a custom installation to enable these options. Do not install the FrontPage 98 Server Extensions. (The FrontPage Server Extensions are installed later in the process.) Configure MTS for local (not remote) administration.
Install the updated FrontPage 98 Server Extensions, version 3.0.2.1706. Optionally, you can install the FrontPage 2000 Server Extensions (not recommended with Site Server 3.0, Commerce Edition).
Install Microsoft Windows NT 4.0 Service Pack 4. Do not substitute Windows NT 4.0 Service Pack 5 or later at this point. When Windows NT 4.0 SP4 is installed, you will be required to restart the computer. After you restart the computer, you will be prompted to install the Y2K updates. Do not install the Y2K updates at this time. The Y2K updates are installed by Internet Explorer 5.0 and MDAC 2.1 SP2.
Install Microsoft Internet Explorer 5.0.For this configuration, Internet Explorer 5.0 is required. When you are prompted, you must select "Typical set of components." The following list describes some issues that may occur when you install Internet Explorer 5.0 on a computer with Commerce Server: The Site Server Customizable Starter Sites are not compatible with Internet Explorer 5.0. The Customizable Starter Sites are not scheduled to be updated for Internet Explorer 5.0. By default, Internet Explorer 5.0 associates the .prf extension with PICSRules files. However, Site Server associates this extension with Rule Set files. To work around this problem, perform a custom install of Internet Explorer 5.0, click the Advanced button, and then configure Internet Explorer 5.0 so that it does not associate the .prf file extension. Internet Explorer 5.0 prevents Posting Acceptor from allowing Anonymous uploads. A fix is under development.
Install Microsoft SQL Server 7.0. Do not install SQL Server 7.0 Desktop Edition.
Install SQL Server 7.0 Service Pack 1. Q232570. When you download and run the Sql70sp1i.exe file, the service pack files are extracted to the C:\SP1 directory. However, you must still run C:\SP1\Setup.bat to actually install the service pack. Installing SQL Server 7.0 SP1 can take up to 30 minutes, which does not include the time it takes to download the service pack.
Configure the SQL Server client default Network Library to Named Pipes. In this configuration, SQL Server is installed on the same computer as Site Server. Therefore, the SQL Server default Network Library should be set to Named Pipes. This step is different from the instructions for a computer running Site Server without SQL Server installed. To ensure that the default Network Library is set to Named Pipes, run the SQL Server Client Network Utility. On the Net Library tab, select "Named Pipes" as the Default Network, and then click Done. IIS should now use Named Pipes when it connects to the SQL Server computer.
Verify that the MSDTC service is started and that MSDTC is configured to start automatically. Q222000. Configure database connectivity. It is not necessary to create a database or DSN for Personalization and Membership (P&M). If you choose to create a SQL Sever-based membership instance after you install Site Server, create your database prior to setting up the membership instance. It is not necessary to create a database or DSN for Usage Analysis. When you install Site Server, the Usage Analysis database is created when you run the Database Setup Wizard.
(Optional) Install Office 2000. If you are installing Office 2000 on this computer, you must install it before Site Server 3.0. Office 2000 removes the FrontPage registry entry that Site Server 3.0, Commerce Edition needs to successfully run the Site Foundation Wizard. Q248625.
Install Site Server 3.0. When you are prompted to overwrite existing files, click "No To All." The Internet Explorer 5.0 Setup program installs newer versions of some DLL files. The Site Server 3.0 Setup program attempts to overwrite those DLL files. If you install Analysis, do not run the Analysis SQL Server Database Setup Wizard until Site Server 3.0 Service Pack 2 is installed. Only run this wizard if the SQL Server computer is dedicated for Analysis, because the wizard makes global SQL Server configuration changes. Do not create new membership instances prior to installing Site Server 3.0, Commerce Edition, because the Trey Research Web site will not install or configure correctly.
(Optional) Install Commerce Server. If you chose to install the FrontPage 2000 Server Extensions prior to installing Commerce Server, edit the properties of the Default Web Site. On the Home Directory tab, disable the "FrontPage Web" option. When Commerce Server is installed, enable the "FrontPage Web" option on the Default Web Site. Create individual databases for Ad Server or Commerce Server, respectively. The databases may reside on different database servers or share the same server. Create a System DSN for the Ad Server and/or Commerce Server databases. When you create each DSN for Ad Server or Commerce Server, do the following: Use SQL Server Standard authentication rather than Windows NT authentication. Specify a SQL Server account with at least DBO rights. Do not use the default master database. Specify the corresponding database for each DSN.
(Optional) Install Visual Studio 6.0 or Visual Studio 97. By default, Visual Studio 6.0 installs the Visual Studio Analyzer component. However, Microsoft strongly recommends that you do not install the Visual Studio Analyzer component on a production computer, because it severely impacts scalability and performance.
Install MDAC 2.1.2.4202.3 , which is also known as MDAC 2.1 SP2 Create system-wide TMP and TEMP environment variables. To do this, follow the workaround steps outlined in Q164535.
Install ADSI 2.5 If you installed Visual Studio, apply Visual Studio 97 Service Pack 3 or Visual Studio 6.0 Service Pack 3 appropriately. Install Site Server 3.0 Service Pack 3. Configure the Personalization and Membership database on the SQL Server computer for single-user mode. Run the Mcis2upd.sql script against all pre-existing SQL Server databases that support LDAP. You do not need to run this script against SQL Server databases created after Site Server 3.0 Service Pack 2 is applied. Reconfigure the Personalization and Membership database on the SQL Server computer for multi-user mode.
(Optional) If you want to install the Commerce Interchange Pipeline Manager (CIPM) for Site Server 3.0 Commerce Edition, do the following: Install Commerce Interchange Pipeline Manager (CIPM) Re-apply Site Server 3.0 Service Pack 3
Install Microsoft Windows NT 4.0 Service Pack 6a.
Post-Installation Suggestions If you installed Site Server 3.0, Commerce Edition, replace the Account.asp, Directory.asp, Finish.asp, and Setup.vbs files as specified in the Readme_sp3.htm file. The Readme_sp3.htm file is included with Site Server 3.0 Service Pack 3. If you have not customized any of the CMSample or FPSample .prf rule set files, update the CMSample and FPSample rule set files. Q188289. Copy all files and folders from the Microsoft Site Server\Sp3\Samples\CmSample directory to the Microsoft Site Server\Data\Publishing\CmSample directory to overwrite the existing files and folders. Copy all files and folders from the Microsoft Site Server\Sp3\Samples\FpSample directory to the Microsoft Site Server\Data\Publishing\FpSample directory to overwrite the existing files and folders.
If you have not customized any of the Search ASP pages, update the Search ASP pages: Copy all files and folders from the Microsoft Site Server\Sp3\Samples\Search directory to the Microsoft Site Server\Sites\Samples\Knowledge\Search directory to overwrite the existing files and folders.
Change the identity of the System Package in Microsoft Transaction Server. Q234518. If you installed the FrontPage 2000 Server Extensions and Commerce Server, you must disable the FrontPage 2000 Server Extensions each time you run the Site Foundation Wizard. After you run the Site Foundation Wizard, you must re-enable the FrontPage 2000 Server Extensions. If you installed Commerce Server, use the Site Server Microsoft Management Console (MMC) to access Commerce Host Administration. Remove ":80" from the non-secure host name field and ":443" from the secure host name field for all sample stores. Repeat this procedure for all stores that you create. Apply the post Site Server 3.0 Service Pack 3 fix for Posting Acceptor. Q246402. Install Microsoft Windows Script 5.1. Q240811. If you are using Java components, then install Microsoft VM version 3190 or later. Remove the SQL Server TCP/IP sockets Net Library Dbmssocn.dll file from the \System32\Inetsrv directory. The latest version of the Dbmssocn.dll file is located in the \System32 directory. Q253272. Please review the following security bulletins: Microsoft Security Bulletin (MS99-025) Solution Available for File Viewers Vulnerability Microsoft Security Bulletin MS99-058: Frequently Asked Questions
Last Reviewed: Thursday, February 3, 2000 2000 Microsoft Corporation. All rights reserved. Terms of Use. 2ff7e9595c
Comments