@echo off

REM ##############################################################################
REM
REM Windows 2000 Professional / Server SP4 patch script by Doc Rice v1.2
REM This script requires the use of REG.EXE from the Windows NT 4.0 Resource Kit 
REM and the SLEEP.EXE utility.
REM
REM An updated version of REG.EXE utility can be found at:
REM 
REM ftp://ftp.microsoft.com/bussys/winnt/winnt-public/reskit/nt40/i386/reg_x86.exe
REM
REM SLEEP.EXE can be found at:
REM
REM http://www2.gol.com/users/trane/programming/programming.html
REM
REM
REM WARNING: This script assumes your Windows 2000 OS has been installed with 
REM defaults and currently has DirectX 7.0 and Windows Media Player 6.4.
REM
REM Please see http://winpatch.homeip.net for updated information.
REM
REM ##############################################################################


color 1F
title Windows 2000 SP4 Hotfix Install

:install
echo Installing patches for Windows 2000 SP4...
echo --------------------------------------------------------------------------------
echo Patch list updated as of 8/9/2005.
echo.
echo Today is %date%.
echo.
echo.
echo.


REM -------------------------------------------------------------

echo.
echo Checking for MS03-011: Flaw in Microsoft VM Could Enable System Compromise
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP-1\Q816093\Description" /s || echo Patching - see Q816093... && .\OS\Q816093\Q816093_W2K_SP4_X86_EN.exe -z -q

echo.
echo Checking for MS03-023: Buffer Overrun In HTML Converter Could Allow Code Execution
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB823559\Description" /s || echo Patching - see Q823559... && .\OS\Q823559\Windows2000-KB823559-x86-ENU.exe /u /q /z

echo.
echo Checking for MS03-034: Flaw in NetBIOS Could Lead to Information Disclosure
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB824105\Description" /s || echo Patching - see Q824105... && .\OS\Q824105\Windows2000-KB824105-x86-ENU.exe /u /q /z

echo.
echo Checking for MS03-041: Vulnerability in Authenticode Verification Could Allow Remote Code Execution
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB823182\Description" /s || echo Patching - see Q823182... && .\OS\Q823182\Windows2000-KB823182-x86-ENU.exe /u /q /z

echo.
echo Checking for MS03-042: Buffer Overflow in Windows Troubleshooter ActiveX Control Could Allow Code Execution
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB826232\Description" /s || echo Patching - see Q826232... && .\OS\Q826232\Windows2000-KB826232-x86-ENU.exe /u /q /z

echo.
echo Checking for MS03-043: Buffer Overrun in Messenger Service Could Allow Code Execution
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB828035\Description" /s || echo Patching - see Q828035... && .\OS\Q828035\Windows2000-KB828035-x86-ENU.exe /u /q /z

echo.
echo Checking for MS03-049: Buffer Overrun in the Workstation Service Could Allow Code Execution
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB828749\Description" /s || echo Patching - see Q828749... && .\OS\Q828749\Windows2000-KB828749-x86-ENU.exe /u /q /z

echo.
echo Checking for MS04-011: Security Update for Microsoft Windows
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB835732\Filelist" /s || echo Patching - see Q835732... && .\OS\Q835732\Windows2000-KB835732-x86-ENU.EXE /quiet /norestart

echo.
echo Checking for MS04-012: Cumulative Update for Microsoft RPC/DCOM
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB828741\Filelist" /s || echo Patching - see Q828741... && .\OS\Q828741\Windows2000-KB828741-x86-ENU.EXE /quiet /norestart

echo.
echo Checking for MS04-014: Vulnerability in the Microsoft Jet Database Engine Could Allow Code Execution
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB837001\Filelist" /s || echo Patching - see Q837001... && .\OS\Q837001\Windows2000-KB837001-x86-ENU.EXE /quiet /norestart

echo.
echo Checking for MS04-019: Vulnerability in Utility Manager Could Allow Code Execution
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB842526\Filelist" /s || echo Patching - see Q842526... && .\OS\Q842526\Windows2000-KB842526-x86-ENU.EXE /quiet /norestart

echo.
echo Checking for MS04-020: Vulnerability in POSIX Could Allow Code Execution
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB841872\Filelist" /s || echo Patching - see Q841872... && .\OS\Q841872\Windows2000-KB841872-x86-ENU.EXE /quiet /norestart

echo.
echo Checking for MS04-022: Vulnerability in Task Scheduler Could Allow Code Execution
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB841873\Filelist" /s || echo Patching - see Q841873... && .\OS\Q841873\Windows2000-KB841873-x86-ENU.EXE /quiet /norestart

echo.
echo Checking for MS04-024: Vulnerability in Windows Shell Could Allow Remote Code Execution
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB839645\Filelist" /s || echo Patching - see Q839645... && .\OS\Q839645\Windows2000-KB839645-x86-ENU.EXE /quiet /norestart

echo.
echo Checking for MS04-031: Vulnerability in NetDDE Could Allow Remote Code Execution
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB841533\Filelist" /s || echo Patching - see Q841533... && .\OS\Q841533\Windows2000-KB841533-x86-ENU.EXE /quiet /norestart

echo.
echo Checking for MS04-032: Security Update for Microsoft Windows
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB840987\Filelist" /s || echo Patching - see Q840987... && .\OS\Q840987\Windows2000-KB840987-x86-ENU.EXE /quiet /norestart

echo.
echo Checking for MS04-037: Vulnerability in Windows Shell Could Allow Remote Code Execution
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB841356\Filelist" /s || echo Patching - see Q841356... && .\OS\Q841356\Windows2000-KB841356-x86-ENU.EXE /quiet /norestart

echo.
echo Checking for MS04-041: Vulnerability in WordPad Could Allow Code Execution
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB885836\Filelist" /s || echo Patching - see Q885836... && .\OS\Q885836\Windows2000-KB885836-x86-ENU.EXE /quiet /norestart

echo.
echo Checking for MS04-043: Vulnerability in HyperTerminal Could Allow Code Execution
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB873339\Filelist" /s || echo Patching - see Q873339... && .\OS\Q873339\Windows2000-KB873339-x86-ENU.EXE /quiet /norestart

echo.
echo Checking for MS04-044: Vulnerabilities in Windows Kernel and LSASS Could Allow Elevation of Privilege
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB885835\Filelist" /s || echo Patching - see Q885835... && .\OS\Q885835\Windows2000-KB885835-x86-ENU.EXE /quiet /norestart

echo.
echo Checking for MS05-003: Vulnerability in the Indexing Service Could Allow Remote Code Execution
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB871250\Filelist" /s || echo Patching - see Q871250... && .\OS\Q871250\Windows2000-KB871250-x86-ENU.EXE /quiet /norestart

echo.
echo Checking for MS05-008: Vulnerability in Windows Shell Could Allow Remote Code Execution
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB890047\Filelist" /s || echo Patching - see Q890047... && .\OS\Q890047\Windows2000-KB890047-x86-ENU.EXE /quiet /norestart

echo.
echo Checking for MS05-010: Vulnerability in the License Logging Service Could Allow Code Execution
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB885834\Filelist" /s || echo Patching - see Q885834... && .\OS\Q885834\Windows2000-KB885834-x86-ENU.EXE /quiet /norestart

echo.
echo Checking for MS05-011: Vulnerability in Server Message Block Could Allow Remote Code Execution
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB885250\Filelist" /s || echo Patching - see Q885250... && .\OS\Q885250\Windows2000-KB885250-x86-ENU.EXE /quiet /norestart

echo.
echo Checking for MS05-012: Vulnerability in OLE and COM Could Allow Remote Code Execution
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB873333\Filelist" /s || echo Patching - see Q873333... && .\OS\Q873333\Windows2000-KB873333-x86-ENU.EXE /quiet /norestart

echo.
echo Checking for MS05-013: Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Remote Code Execution
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB891781\Filelist" /s || echo Patching - see Q891781... && .\OS\Q891781\Windows2000-KB891781-x86-ENU.EXE /quiet /norestart

echo.
echo Checking for MS05-015: Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB888113\Filelist" /s || echo Patching - see Q888113... && .\OS\Q888113\Windows2000-KB888113-x86-ENU.EXE /quiet /norestart

echo.
echo Checking for MS05-016: Vulnerability in Windows Shell that Could Allow Remote Code Execution
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB893086\Filelist" /s || echo Patching - see Q893086... && .\OS\Q893086\Windows2000-KB893086-x86-ENU.EXE /quiet /norestart

echo.
echo Checking for MS05-018: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege and Denial of Service
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB890859\Filelist" /s || echo Patching - see Q890859... && .\OS\Q890859\Windows2000-KB890859-x86-ENU.EXE /quiet /norestart

echo.
echo Checking for MS05-019: Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial of Service
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB893066\Filelist" /s || echo Patching - see Q893066... && .\OS\Q893066\Windows2000-KB893066-v2-x86-ENU.EXE /quiet /norestart

echo.
echo Checking for MS05-024: Vulnerability in Web View Could Allow Remote Code Execution
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB894320\Filelist" /s || echo Patching - see Q894320... && .\OS\Q894320\Windows2000-KB894320-x86-ENU.EXE /quiet /norestart

echo.
echo Checking for MS05-026: Vulnerability in HTML Help Could Allow Remote Code Execution
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB896358\Filelist" /s || echo Patching - see Q896358... && .\OS\Q896358\Windows2000-KB896358-x86-ENU.EXE /quiet /norestart

echo.
echo Checking for MS05-027: Vulnerability in Server Message Block Could Allow Remote Code Execution
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB896422\Filelist" /s || echo Patching - see Q896422... && .\OS\Q896422\Windows2000-KB896422-x86-ENU.EXE /quiet /norestart

echo.
echo Checking for MS05-032: Vulnerability in Microsoft Agent Could Allow Spoofing
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB890046\Filelist" /s || echo Patching - see Q890046... && .\OS\Q890046\Windows2000-KB890046-x86-ENU.EXE /quiet /norestart

echo.
echo Checking for MS05-036: Vulnerability in Microsoft Color Management Module Could Allow Remote Code Execution
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB901214\Filelist" /s || echo Patching - see Q901214... && .\OS\Q901214\Windows2000-KB901214-x86-ENU.EXE /quiet /norestart

echo.
echo Checking for MS05-039: Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB899588\Filelist" /s || echo Patching - see Q899588... && .\OS\Q899588\Windows2000-KB899588-x86-ENU.EXE /quiet /norestart

echo.
echo Checking for MS05-040: Vulnerability in Telephony Service Could Allow Remote Code Execution
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB893756\Filelist" /s || echo Patching - see Q893756... && .\OS\Q893756\Windows2000-KB893756-x86-ENU.EXE /quiet /norestart

echo.
echo Checking for MS05-041: Vulnerability in Remote Desktop Protocol Could Allow Denial of Service
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB899591\Filelist" /s || echo Patching - see Q899591... && .\OS\Q899591\Windows2000-KB899591-x86-ENU.EXE /quiet /norestart

echo.
echo Checking for MS05-042: Vulnerabilities in Kerberos Could Allow Denial of Service, Information Disclosure, and Spoofing
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB899587\Filelist" /s || echo Patching - see Q899587... && .\OS\Q899587\Windows2000-KB899587-x86-ENU.EXE /quiet /norestart

echo.
echo Checking for MS05-043: Vulnerability in Print Spooler Service Could Allow Remote Code Execution
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB896423\Filelist" /s || echo Patching - see Q896423... && .\OS\Q896423\Windows2000-KB896423-x86-ENU.EXE /quiet /norestart


REM -------------------------------------------------------------
echo.
echo.
echo Patching Internet Information Services 5.0 SP4
echo --------------------------------------------------------------------------------
echo.

.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NntpSvc" || goto w3svc

echo.
echo Checking for MS04-036: Vulnerability in NNTP Could Allow Remote Code Execution
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB883935\Filelist" /s || echo Patching for Q883935... && .\IIS\Q883935\Windows2000-KB883935-x86-ENU.EXE /quiet /norestart

:w3svc
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC" || goto iepatch

echo.
echo Checking for MS04-030: Vulnerability in WebDAV XML Message Handler Could Lead to a Denial of Service
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB824151\Filelist" /s || echo Patching for Q824151... && .\IIS\Q824151\Windows2000-KB824151-x86-ENU.EXE /quiet /norestart


:iepatch
REM -------------------------------------------------------------
echo.
echo.
echo Patching Internet Explorer
echo --------------------------------------------------------------------------------
echo.

setlocal

for /f "tokens=3" %%i in ('.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Version"') do set IE_Version=%%i

if 5.00.3700.1000 == %IE_Version% (goto patch-ie501sp4)
if 5.50.4807.2300 == %IE_Version% (goto patch-ie55sp2)
if 6.0.2800.1106 == %IE_Version% (goto patch-ie6sp1) else (goto wmp)

:patch-ie501sp4
echo.
echo Checking for MS05-038: Cumulative Security Update for Internet Explorer
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Internet Explorer 5.01\SP4\KB896727-IE501SP4-20050719.165544\Filelist" /s || echo Patching - see Q896727... && .\IE_5.01\Q896727\IE5.01sp4-KB896727-Windows2000sp4-x86-ENU.exe /quiet /norestart
goto mdac

:patch-ie55sp2
echo.
echo Checking for MS04-004: Cumulative Security Update for Internet Explorer
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{eddbec60-89cb-44ef-8291-0850fd28ff6a}\Version" /s || echo Patching - see Q832894... && .\IE_5.5\Q832894\Q832894.exe /q:a /r:n
goto mdac

:patch-ie6sp1
echo.
echo Checking for MS05-038: Cumulative Security Update for Internet Explorer
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Internet Explorer 6\SP1\KB896727-IE6SP1-20050719.165959\Filelist" /s || echo Patching - see Q896727... && .\IE_60\Q896727\IE6.0sp1-KB896727-Windows-2000-XP-x86-ENU.exe /quiet /norestart
goto mdac

endlocal

:wmp
REM -------------------------------------------------------------
echo.
echo.
echo Patching Windows Media Player 6.4 for Windows 2000 SP4
echo.

echo Checking for Q828026: Update for Windows Media Player URL script command behavior
echo Patching for Q828026... && .\WMP\Q828026\WindowsMedia-Q828026-x86-ENU.exe /u /q /z


:mdac
REM -------------------------------------------------------------
echo.
echo.
echo Patching MDAC 2.5 SP3
echo --------------------------------------------------------------------------------
echo.

echo.
echo Checking for MS04-003: Buffer Overrun in MDAC Function Could Allow Code Execution
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\DataAccess\Q832483\Description" /s || echo Patching - see Q832483... && .\MDAC\Q832483\ENU_Q832483_MDAC_x86.EXE /C:"dahotfix.exe /q /n" /q


REM -------------------------------------------------------------
echo.
echo.
echo Qchaining hotfixes...
echo.

.\Qchain\qchain.exe


REM -------------------------------------------------------------
color
echo.
echo.
echo Initial update process for Windows 2000 SP4 completed.  Please reboot 
echo for all hotfixes to take effect and verify patch levels afterwards.
echo.

.\SLEEP\sleep.exe 03
goto end


:end