News

Microsoft Releases Update Rollup 1 for Windows 2000 SP4

• By Scott Bekker
• June 29, 2005

Update Rollup 1 contains all security updates produced for Windows 2000 between the lockdown prior to Service Pack 4's release and April 30, 2005, when the new Update Rollup was locked down.

While Microsoft encourages SP4 customers to install the update, it is not required. "Update Rollup 1 contains additional important fixes in files that have not previously been part of individual security updates," Microsoft's advisory about the Update Rollup states. "In addition, the Update Rollup 1 contains additional enhancements that increase system security, reliability, reduce support costs and support the current generation of PC hardware."

The Update Rollup also makes a security change in the way telephony servers and clients communicate using the Telephony Application Programming Interface (TAPI). After installation of the Update Rollup, Windows 2000 telephony clients only accept encrypted RPC packets from telephony servers. The change does not affect TAPI deployments using mailslot, the default, instead of RPC for communications.

As the Update Rollup is not a service pack, Microsoft does not plan to provide a blocking tool to help enterprise customers delay deployment of the bundle of patches over Automatic Updates. Microsoft did provide such a tool for both Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1.

However, deployment via Automatic Updates will not be immediate due to a planned upgrade of the Windows Update infrastructure. The Microsoft-hosted, back-end infrastructure for upgrading Windows 2000 will go from Windows Update v4 to Windows Update v6 in early July. After that, Microsoft will begin automated distribution of Update Rollup 1 via Automatic Updates.

Microsoft took the opportunity of the release to reiterate an announcement from November 2004 that there will be no SP5 for Windows 2000. Windows NT 4.0, by contrast, ended up with six service packs. "Windows 2000 SP4 is the final service pack for Windows 2000."

In explaining the decision not to do another service pack, Microsoft argued an Update Rollup for SP4 meets customer needs better than another service pack. "Because Windows 2000 has reached a high level of product maturity, many of the Windows 2000 hotfixes that have been released since Windows 2000 SP4 was released addressed relatively obscure issues that affect a small number of customers," Microsoft wrote in a Knowledge Base Article (891861). "At this point in the life cycle of Windows 2000, an update rollup provides the maximum utility at the minimum risk of instability."

In comparison to the 51 security issues addressed in the Update Rollup, the two-year-old SP4 included fixes for 650 issues.

As implied by the name of the Update Rollup, SP4 is a prerequisite for installation. The order for new installations of Windows 2000 will be the base operating system first followed by SP4, Update Rollup 1 then subsequent updates. Once the Update Rollup is installed, the system's service pack level will remain at SP4.

Security bulletins covered by the Update Rollup hit Windows 2000-related issues ranging from MS02-050, first released in September 2002, to MS05-020, released April 12. Microsoft noted that the Update Rollup doesn’t contain updates for Windows components not included with a clean slipstream install of Windows 2000 SP4. Examples of patches not included in the Update Rollup are MS03-011 fixing a flaw in the Microsoft Virtual Machine and any updates for Internet Explorer 6 -- the Update Rollup only includes patches for IE 5.01, which originally shipped with Windows 2000.