News

Microsoft: Patch SQL flaw now

Mike Simons
Microsoft is urging SQL server administrators to apply the latest patch which will fix three major vulnerabilities in the database.

The company has identified four flaws, with an overall "critical" rating, that threatens the security of any organisation running the database on the Internet or an Intranet.

The most serious is a buffer over-run in a section of code in SQL Server 2000 and Microsoft Desktop Engine 2000, which could allow an attacker to cause a server to fail or give a hacker the ability to overwrite memory on the server.

Other vulnerabilities occur in the database console commands and in the handling of scheduled jobs of SQL Server 7.0 and 2000.

The latest patch supersedes all previously released security patches for SQL Server 7.0 and 2000 database engines, Microsoft said. However, a Microsoft Security Bulletin warned: "applying this patch is not sufficient by itself to fully secure a SQL Server".

The Microsoft Security Bulletin is available at: www.microsoft.com/technet/security/bulletin/MS02-056.asp

The patches can be downloaded at:
Microsoft SQL Server 7.0:
support.microsoft.com/default.aspx?scid=kb;en-us;Q327068&sd=tech

Microsoft SQL Server 2000:
support.microsoft.com/default.aspx?scid=kb;en-us;Q316333&sd=tech

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy