Cumulative Patch for SQL Server

Microsoft has released a cumulative patch for SQL Server that includes the functionality of all previously released patches and, in addition, eliminates three newly discovered vulnerabilities.

Issue

  • A buffer overrun vulnerability in a procedure used to encrypt SQL Server credential information. An attacker who was able to successfully exploit this vulnerability could gain significant control over the database and possibly the server itself depending on the account SQL Server runs as.
  • A buffer overrun vulnerability in a procedure that relates to the bulk inserting of data in SQL Server tables. An attacker who was able to successfully exploit this vulnerability could gain significant control over the database and possibly the server itself.
  • A privilege elevation vulnerability that results from incorrect permissions on the Registry key that stores the SQL Server service account information. An attacker who was able to successfully exploit this vulnerability could gain greater privileges on the system than had been granted by the system administrator, potentially even the same rights as the operating system.

Affected Products

  • Microsoft SQL Server 2000

Download

Patch: http://support.microsoft.com/support/misc/kblookup.asp?id=Q316333

Further Details

Source: Microsoft Corporation

Reference: Microsoft Corporation

Updated: July 10, 2002
