August 21, 2003 at 8:50 am
Just yesterday Microsoft provided an MDAC security patch for MDAC 2.5, 2.6, and 2.7. Find more information here:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-033.asp
Now I guess my question is, if you want to make your environment secure, and minimize your long term testing and deployment effort, then would you install MDAC 2.8 or patch MS03-033, if you were on an MDAC less than 2.8?
My guess is testing of 2.8 would require more work than testing for MS03-033. But what would you consider a reasonable approach to moving forward with plugging the security hole identified by MS03-033? Looking for your suggested implementation strategies.
Gregory Larsen, DBA
If you are looking for SQL Server Examples check out my website at http://www.geocities.com/sqlserverexamples
Gregory A. Larsen, MVP
August 21, 2003 at 9:34 am
I prefer to apply the patch MS03-033. The MDAC 2.8 release installs the same Data Access components as Microsoft Windows Server 2003. It enhances the security and adds some new features.
If you would like to install MDAC 2.8, test your application with MDAC 2.8 to make sure that you are aware of any compatibility issues before you decide whether to have MDAC 2.8 deployed (or updated). You are the experienced professional and already know about that.
Edited by - allen_cui on 08/21/2003 09:36:44 AM
August 21, 2003 at 10:16 am
So installing a patch like MS03-033 does not require you to test your applications. Right? Or at least the testing is a much smaller effort than MDAC 2.8.
But isn't the amount of work to roll out the change the same? Doesn't every client machine need to be touched to install MS03-033? Isn't the same amount of work required to roll out MDAC 2.8?
So basically all you are saving is some testing time. Right? Plus if you install MS03-033 first, then push out MDAC 2.8 later, you will be requiring twice the rollout effort as only applying MDAC 2.8. I suppose this might be significant if you have to have a help desk person go to each client machine and run the patch and update manually.
So how many problems have people had with rolling out MDAC 2.8? How much testing do people really do for a rollout such as MDAC 2.8? If the amount of testing is minimal, the number of problems people have had is very small, and the amount of effort to roll out either MS03-033 or MDAC 2.8 is big, would it not make sense to concentrate your effort on rolling out 2.8 versus fixing the small security hole associated with MS03-033? Under this situation would you still roll out MS03-033, or concentrate on MDAC 2.8?
Gregory Larsen, DBA
If you are looking for SQL Server Examples check out my website at http://www.geocities.com/sqlserverexamples
Gregory A. Larsen, MVP
August 21, 2003 at 12:42 pm
No one can be sure how many new security holes MDAC has after MDAC 2.8. We have seen Microsoft constantly release all kinds of security fixes. By automating rollout with SMS packaging to user workstations, I don't see much difference between rolling out a security fix and the new MDAC.
The biggest concerns are still the compatibility issues for different kinds of applications and the time/resources needed to test the new MDAC.
August 22, 2003 at 1:20 am
If there is a new configuration change then the main thing is to test it away from potentially embarrassing situations.
We got stung in the jump from 2.5 to 2.6 because all the JET stuff was left out.
We also have to support a number of Site Server applications so upgrading anything on the Site Server boxes is a major headache i.e. migraine going on scanners
August 22, 2003 at 8:45 am
quote:
So installing a patch like MS03-033 does not require you to test your applications. Right? Or at least the testing is a much smaller effort than MDAC 2.8. But isn't the amount of work to rollout the change the same. Doesn't every client machine need to be touched to install MS03-033?
I would test. I've been bitten by that bug before and it is painful.
We don't use SMS (too many problems). What we installed to ease deployment of patches was SUS (Software Update Services, http://www.microsoft.com/windows2000/windowsupdate/sus/ ). The server, along with a registry hack on the clients (you would need to do this manually or put it in the logon script), allows you to approve all security patches from Microsoft before they are pushed out to your clients. The server has sparse documentation so might be a little difficult to set up, but has been working well.
Joe Johnson
Edited by - johnsonj on 08/22/2003 08:45:47 AM
Edited by - johnsonj on 08/22/2003 08:50:31 AM
Joe Johnson
NETDIO,LLC.
August 24, 2003 at 8:56 am
We'll likely push MS03-033 first. We've seen upgrading MDAC versions can sometimes break apps... especially some of our homegrown ones (don't ask). In either case, the order of the day is still regression testing.
K. Brian Kelley
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
K. Brian Kelley
@kbriankelley