Microsoft: Patch SQL flaw now

Microsoft is urging SQL server administrators to apply the latest patch which will fix three major vulnerabilities in the...

Microsoft is urging SQL server administrators to apply the latest patch which will fix three major vulnerabilities in the database.

The company has identified four flaws, with an overall "critical" rating, that threatens the security of any organisation running the database on the Internet or an Intranet.

The most serious is a buffer over-run in a section of code in SQL Server 2000 and Microsoft Desktop Engine 2000, which could allow an attacker to cause a server to fail or give a hacker the ability to overwrite memory on the server.

Other vulnerabilities occur in the database console commands and in the handling of scheduled jobs of SQL Server 7.0 and 2000.

The latest patch supersedes all previously released security patches for SQL Server 7.0 and 2000 database engines, Microsoft said. However, a Microsoft Security Bulletin warned: "applying this patch is not sufficient by itself to fully secure a SQL Server".

The Microsoft Security Bulletin is available at: www.microsoft.com/technet/security/bulletin/MS02-056.asp

The patches can be downloaded at:
Microsoft SQL Server 7.0:
support.microsoft.com/default.aspx?scid=kb;en-us;Q327068&sd=tech

Microsoft SQL Server 2000:
support.microsoft.com/default.aspx?scid=kb;en-us;Q316333&sd=tech

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on Business applications

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close