TechTarget

Microsoft: Patch SQL flaw now

Microsoft is urging SQL server administrators to apply the latest patch which will fix three major vulnerabilities in the...

Microsoft is urging SQL server administrators to apply the latest patch which will fix three major vulnerabilities in the database.

The company has identified four flaws, with an overall "critical" rating, that threatens the security of any organisation running the database on the Internet or an Intranet.

The most serious is a buffer over-run in a section of code in SQL Server 2000 and Microsoft Desktop Engine 2000, which could allow an attacker to cause a server to fail or give a hacker the ability to overwrite memory on the server.

Other vulnerabilities occur in the database console commands and in the handling of scheduled jobs of SQL Server 7.0 and 2000.

The latest patch supersedes all previously released security patches for SQL Server 7.0 and 2000 database engines, Microsoft said. However, a Microsoft Security Bulletin warned: "applying this patch is not sufficient by itself to fully secure a SQL Server".

The Microsoft Security Bulletin is available at: www.microsoft.com/technet/security/bulletin/MS02-056.asp

The patches can be downloaded at:
Microsoft SQL Server 7.0:
support.microsoft.com/default.aspx?scid=kb;en-us;Q327068&sd=tech

Microsoft SQL Server 2000:
support.microsoft.com/default.aspx?scid=kb;en-us;Q316333&sd=tech

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close