Microsoft: Patch SQL flaw now


Microsoft: Patch SQL flaw now

Mike Simons
Microsoft is urging SQL server administrators to apply the latest patch which will fix three major vulnerabilities in the database.

The company has identified four flaws, with an overall "critical" rating, that threatens the security of any organisation running the database on the Internet or an Intranet.

The most serious is a buffer over-run in a section of code in SQL Server 2000 and Microsoft Desktop Engine 2000, which could allow an attacker to cause a server to fail or give a hacker the ability to overwrite memory on the server.

Other vulnerabilities occur in the database console commands and in the handling of scheduled jobs of SQL Server 7.0 and 2000.

The latest patch supersedes all previously released security patches for SQL Server 7.0 and 2000 database engines, Microsoft said. However, a Microsoft Security Bulletin warned: "applying this patch is not sufficient by itself to fully secure a SQL Server".

The Microsoft Security Bulletin is available at:

The patches can be downloaded at:
Microsoft SQL Server 7.0:;en-us;Q327068&sd=tech

Microsoft SQL Server 2000:;en-us;Q316333&sd=tech

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy