Manage

Patching the Windows 2000 server

In this Ask the Expert Q&A, our platform security expert explains how to apply patches to the Windows 2000 server. He also provides a variety of resources that will help identify uninstalled patches and updates.

I recently ran WinVer and it came back with version 5 build 2195 SP 4 for my 2000 server. Do I need to apply any patches? How can I find out if the patches have been applied?

Winver is a Windows command that shows the version of Windows you are running, along with the build and version numbers of the most recent service pack installed. The release version of Windows 2000 is version 5.0, build 2195, so the only useful information it provides is the service pack number. Service packs are cumulative, meaning each new service pack contains all the fixes included with previous service packs plus any new fixes. Windows 2000 Service Pack 4 (SP4) is the latest service pack for Windows 2000.

To check whether you need to apply any patches released since SP4 you should run the Microsoft Baseline Security...

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

Analyzer (MBSA), which can check for uninstalled patches and updates. You can also scan your server against vulnerable configurations. To view the list of uninstalled security updates and links to the security bulletin that contains the patch, or instructions about obtaining the patch, open the result details link once the security updates check has run. Each security bulletin also includes information about registry values, file versions and configuration changes you can use to verify that the patch is installed. You can download MBSA for free at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/Tools/mbsahome.asp.

Run the MBSA on a scheduled basis to check for the latest operating system and components updates. I also recommend subscribing to the Microsoft Security Notification Service, which keeps subscribers informed of all the latest security problems and fixes. You can find details about it at http://register.microsoft.com/subscription/subscribeme.asp?ID=135.

In my opinion the easiest software solution to use for managing patch installation is HFNetChkPro from Shavlik Technologies. (Shavlick developed the HFNetChk scanning engine that MBSA uses.) There is a Basic Edition that is aimed at smaller organizations that do not need advanced patch management functions such as scheduled scans and e-mail support. You can find more information at http://www.shavlik.com/hfnetchk-windows.aspx.

Related Information

Learn how to manage patch installations

Find top tools for testing your online security.

This was last published in September 2005

Dig Deeper on Microsoft Patch Tuesday and patch management

All
News
Get Started
Evaluate
Manage
Problem Solve

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Information Security experts

View all Information Security questions and answers

Related Resources

Dig Deeper on Microsoft Patch Tuesday and patch management

Related Q&A from Michael Cobb

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.