Microsoft has released security bulletin MS08-040. To view the complete security bulletin, visit one of the following Microsoft Web sites:

• Home users:
  http://www.microsoft.com/protect/computer/updates/bulletins/200807.mspx (http://www.microsoft.com/protect/computer/updates/bulletins/200807.mspx)
  Skip the details Download the updates for a home computer or for a laptop from the Microsoft Update Web site now:
  http://update.microsoft.com/microsoftupdate (http://update.microsoft.com/microsoftupdate/)
• IT professionals:
  http://www.microsoft.com/technet/security/bulletin/MS08-040.mspx (http://www.microsoft.com/technet/security/bulletin/MS08-040.mspx)

How to obtain help and support for this security update

For home users, no-charge support is available by calling 1-866-PCSAFETY in the United States and Canada or by contacting your local Microsoft subsidiary. For more information about how to contact your local Microsoft subsidiary for support issues with security updates, visit the Microsoft International Support Web site: North American customers can also obtain instant access to unlimited no-charge e-mail support or to unlimited individual chat support by visiting the following Microsoft Web site: For enterprise customers, support for security updates is available through your usual support contacts.

Known issues with this security update

Microsoft Internet Security and Acceleration (ISA) Server 2004 and ISA Server 2006 could be affected by this update in the following ways:

• The MSSQL$MSFW service is stopped and then restarted when the associated database instances are updated. This action occurs if Microsoft SQL Server 2000 or Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) is installed on the computer that is running ISA Server. This action also stops the Microsoft Firewall service. Therefore, the SQL Server installer tries to return the Microsoft Firewall service to the same state that it was in before the update was started. Because the update installer cannot control services on a remote server, you must monitor and possibly restart the Microsoft Firewall service and the dependent services if ISA Server is configured for remote SQL Server logging.
  
  By default, ISA Server disables remote network connectivity for the ISA Server MSDE instance (MSSQL$MSFW) to prevent vulnerability to network-based SQL attacks. ISA Server 2004 Setup installs a pre-SQL Server 2000 Service Pack 4 (SP4) version of MSDE 2000 that you must upgrade to SQL Server 2000 SP4 before you apply this update. For more information about how to obtain SQL Server 2000 SP4, visit the following Microsoft Web site:
  http://www.microsoft.com/downloads/details.aspx?FamilyID=8e2dfc8d-c20e-4446-99a9-b7f0213f8bc5 (http://www.microsoft.com/downloads/details.aspx?FamilyID=8e2dfc8d-c20e-4446-99a9-b7f0213f8bc5)
  The MSDE 2000 component of SQL Server 2000 SP4 is named the SQL2000.MSDE-KB884525-SP4-x86-Lang.exe file. Type the following command at a command prompt to upgrade the instance of ISA Server 2004 MSDE to MSDE 2000 together with SQL Server 2000 SP4:
  setup /upgradesp sqlrun instancename=MSFW /l*v c:\msde2Ksp4.log
  Important The SQL Server 2000 SP4 installer also stops and then tries to restart the Microsoft Firewall service. However, the service may not correctly restart after you install the security update. In this case, you may have to restart the service manually.
• ISA Server 2006 installs MSDE 2000 together with SQL Server 2000 SP4.
  
  By default, ISA Server 2000 is not affected by the SQL Server security update. ISA Server 2000 may be configured to use a remote instance of SQL Server for logging. If that instance of SQL Server is updated, ISA Server 2000 may be affected in the same manner as ISA Server 2004 and ISA Server 2006. Because the update installer cannot control services on a remote server, you must monitor and possibly restart the ISA Server services.
• You cannot install this update by using the SA account.
  
  You can work around this issue by using the following command to install this update:
  SQL2000-KB948111-v8.00.2273-x86x64-ENU.exe /INSTANCENAME=Name /SAPWD=PASSWORD

File information

The English (United States) version of this security update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

For all supported 32-bit editions of SQL Server 2000 SP4

For all supported Itanium-based editions of SQL Server 2000 SP4