Windows 2000 Service Pack 3 includes
130 security fixes
By Hershel Dunne Sep 23, 2002 Microsoft recently released Service Pack 3 for Windows 2000. To help you determine whether Service Pack 3 is worth a download, I’ve developed this partial listing of fixes of interest to IT professionals. Keep in mind that these are just a few of the many problems addressed in Service Pack 3. Everything from base OS fixes to Windows setup fixes is covered in this Daily Drill Down. Base operating system fixes
The USB keyboard or mouse may not function when returning from hibernation mode; theIntel Controller Hub version 3 (ICH3) chipset has been found to not respond to the call from the operating system to return to normal usage. The call of the OS has been modified to address this issue. Mirrored drives larger than 137 GB perform slowly
in Windows 2000. When 48-bit LBA is used with a RAID-1 configuration, the
performance of the mirrored drives decreases dramatically. The fix involves
installing Service Pack 3 and editing the registry to enable Large Logical Block
Addressing (LLBA). If you’re running Microsoft Datacenter Server, you need to
consult Microsoft Knowledge Base Article Q265173 for information on how to
obtain the hot fix for that particular product.
Data fragmentation occurs when you use Ntbackup.exe
to restore data to a clean volume. The data restored to an NTFS volume will
appear as fragmented when restored to a clean volume. The clean volume is seen
as a mirror of the drive that was backed up; therefore, the data is written to
the same location on the clean volume as it held in the previous volume. If
there is a difference in the volume size or the location of the volume on the
disk, there will be inconsistencies in the data.
Security fixes
A vulnerability in Windows 2000 remote access service phonebook is due to an unchecked buffer. This could allow someone to gain complete access to the computer and delete accounts and limit access to the computer from existing accounts. --------------------------------------------------------------------------------
Security concerns abound There are approximately 130 other security fixes in Service Pack 3 that I have researched. Each of these is a possible threat to the continuous functionality of your company’s computer systems. For this reason alone, I believe that Service Pack 3 is needed for any company that is using Windows 2000 clients. -------------------------------------------------------------------------------- Once you’ve applied Service Pack 2, a drive letter
disappears from My Computer. Even if you attempt to reassign the drive letter,
you will still not be able to access it. The following error message has also
been confirmed as a result of this problem: Title: Logon Message: The System Can
Not Log You On (1F). Please Try Again Or Consult Your System Administrator. This
message occurs when a user has attempted to log on to the computer and has
received no error message. However, the Welcome To Windows login screen has
reappeared, asking the user to press [Ctrl][Alt][Del] to log on. Further
attempts to log on by any user will then invoke the message outlined above. The
cause of these errors is a drive mapping of the user that logs on and overwrites
a local drive letter with the home folder of that user.
Terminal Services fixes
Windows 2000 Terminal Server hangs when you close a remote connection. This situation occurs in Windows 98 and Windows 95 clients that are connected to the Terminal Server and try to close the connection to the server. Terminal Services is waiting on another service that is on the same thread as the final exchange that needs to occur between the Windows client and the Terminal Server. This could leave Terminal Services in an unusable state until the server is rebooted. This reboot technique would obviously be a temporary fix since you wouldn’t want to have to restart a server every time this bug appeared. Service Pack 3 corrects this problem by placing the service on a different processor thread that allows it to run simultaneously with the logoff procedure. Terminal Services clients consume multiple Terminal
Services CALs. This problem occurs when a computer is connected to a Terminal
Services server and is assigned a temporary Terminal Services CAL token. If the
client is turned off before the full token can be authenticated into flash
memory, it will be assigned a second full token the next time it connects. This
multiple issuance of full tokens can also occur when a Windows client machine
that has been issued a full token is reimaged with an image that contains either
the temporary token or no token at all.
You may receive one of the four following Status
Unexpected Network Error error messages from redirector to Terminal Services
client sessions when you try to access files on a mapped network
drive:
Status_Unexpected_Network_Error
(0xc00000c4)
Status_Connection_Disconnected (0xc000020c) Error_Unexp_Net_Err (Error 59 in decimal or 0x3b in hexadecimal) Error_Netname_Deleted (Error 64 in decimal or 0x40 in hexadecimal) Service Pack 3 contains updated versions of two
files that will resolve this error.
Clients with an expired temporary license may be
unable to connect to Terminal Services. A client that could previously connect
to Terminal Services may not be able to connect once its temporary license has
expired. The following error message is sent to the client trying to connect,
Terminal Services Has Ended The Connection. The client with the expired
temporary license can connect if the license is first removed from the client
computer. Consult Microsoft Knowledge Base article number Q248430 for the
process to delete an expired temporary license.
The number lock status is not synchronized during
Terminal Services session. Clients running Windows 95, 98, and Me don’t change
the number lock status on the keyboard or in reference to the operating system.
When the [Ctrl][Alt][Num Lock] keys are pressed, only the Terminal Services
session reflects the Num Lock On state. Once the Terminal Services session is
terminated, the Num Lock On state is off.
Windows Directory Services fixes You may experience poor performance with file and print services for NetWare. If certain client operations aren’t processed correctly, there are inconsistencies in the file dates and times from the source client to the destination client. Subsequent attempts to copy the files again are not copied. However, a message is sent informing the source computer that the file updates have been made. This could cause multiple instances of different versions of files contained on your network. Windows MSMQ fixes
You may be unable to browse a remote access client from the message queuing service after establishing the connection. Clients using the Message Queuing service may receive the Remote Machine Not Available error message when attempting to view the queues on a remote computer. This error is caused by a remote connection being established after message queuing is initialized. Message Queuing services are bound to IP addresses when the service is first initialized and are not assigned dynamically as new connections are made. Message Queuing is not aware of the new connection and does not have a Remote Procedure Call (RPC) listening port attached to the new IP address. The fix included in Service Pack 3 binds all nonclustered computers, allowing the Message Queuing service to receive data from clients connected since it was first initialized. MDAC fixes
There is a virtual memory leak when a large number of ActiveX Data Objects (ADOs) are open concurrently. This occurs when these ADO recordsets are opened and closed frequently, resulting in a memory leak that can lead to out-of-memory errors and memory fragmentation. This problem has been found to occur in all MDAC versions 2.5 and 2.6 and is not provider specific. Oracle, SQL, and ODBC drivers have been affected. The problem is a result of a feature in the MDAC memory management routine that places the recently vacated memory in a “look-aside list” rather than freeing it up for use by the system. This was done to cut down on the overhead that occurs when memory is completely freed up and then reallocated. The default setting is 500 allocations of memory for the look-aside list, with any allocations over that default freed by a call to the VirtualFree function. There is an error in the code for the memory management so that memory is not actually released. The application receives no information that the memory has leaked. Service Pack 3 addresses this problem by installing updated files that contain the memory management fix. Management and administration fixes
Network printers may not be displayed if you use roaming profiles in Windows 2000. If a user has a roaming profile, they may not see their network printer if there is a local printer attached to the computer they logged on to. This occurs because the printer’s interface is designed to hide network printers that are installed as local printers. Sometimes, this feature hides printers that are not installed locally. The fix contained in Service Pack 3 contains an updated spool file called Spoolss.dll, which resolves this problem. You cannot search contents of text attachments in
e-mail messages in Windows 2000. If you try to search a text attachment to an
e-mail message in the Unicode or ANSI format, you may not be able to complete
the search. Multipurpose Internet Mail Extension (MIME) does not contain a plain
text filter by default when it is sent to the Windows 2000 client. The MIME
filter attempts to search the text file by using ASC (Microsoft Exchange Active
Server Components) and is unable to do so. The fix contains an updated version
of the file Mimefilt.dll, which resolves this problem.
Bad mail messages that cause the queue to grow and
block delivery of other messages occur when an outgoing message is incorrectly
configured for a specific server such as AOL.com. The offending message will be
sent to the front of the queue, and subsequent messages are blocked from being
delivered. This occurs because the message at the head of the queue is
considered to be in a “retry” state and therefore prevents delivery of messages
that follow it.
Windows setup fixes
Duplicate computer names are created when Sysprep.exe generates random computer names. The deployment of a Windows 2000 image on network computers may result in duplicate computer names. This may send an error message informing you that duplicate computer names exist on your network. The fix is contained in an update to Syssetup.dll within Service Pack 3. Windows shell fixes
The computer may hang when a user logs on to a Terminal Services session. While logging in to a Terminal Services session, a user’s computer may stop responding as their local settings are being loaded. If another client tries to log on to the local machine, the following error message is displayed: C000021A Status_System_Process_Terminated. The culprit is an incorrect registry setting. The My Documents folder isn’t refreshed correctly
when it is redirected to a NetWare server. If you delete files from this folder,
the contents don’t change on the NetWare server unless a manual refresh is
performed. An internal naming problem causes the folder to not refresh. The
operating system is expecting updates to the folder to be addressed to the
shortened version of the folder name, while the updates are arriving with the
longer folder name as the location. The updates aren’t registered because
essentially the request is arriving at the wrong address.
Service Pack 3 is indeed worth your time
When you support a large number of employees at your company, you always face the threat of security problems. When a service pack is introduced, it’s always a good idea to add it to your workstations. However, I have a few rules before deciding to add just any service pack to my clients' machines. Those rules are as follows: The computer is experiencing significant errors
that can be attributed to a problem outlined in the service pack.
The computer is a server and absolutely mission critical to the operation of the business. The computer is a server with remote access enabled. The service pack should be applied to diminish the possibility of denial of service attacks, as well as other attacks against the system. Service Pack 3 should resolve many security,
administration, and base OS bugs that have caused computers running Windows 2000
to operate erratically or cease functioning.
|