Microsoft has released a patch that eliminates a security vulnerability in Microsoft® SQL Server and Microsoft SQL Server Desktop Engine (MSDE). The vulnerability could enable a malicious user to run code on the server, subject to a number of restrictions.
Frequently asked questions regarding this vulnerability and the patch can be found at http://www.microsoft.com/technet/security/bulletin/fq00-092.asp
Affected Software Versions
Microsoft SQL Server 7.0
Microsoft SQL Server 2000
Microsoft Data Engine 1.0 (MSDE 1.0)
Microsoft SQL Server Desktop Engine 2000 (MSDE 2000)
Note: MSDE 1.0 was released with SQL Server 7.0. MSDE 2000 was released with SQL Server 2000.
Patch Availability
http://support.microsoft.com/support/sql/xp_security.asp
Note: The SQL Server 7.0 patch can be applied atop Service Pack 2. It will be included in SQL Server 7.0 Service Pack 3.
Note: The SQL Server 2000 patch can be applied atop SQL Server 2000. It will be included in SQL Server 2000 Service Pack 1.
Frequently asked questions regarding this vulnerability and the patch can be found at http://www.microsoft.com/technet/security/bulletin/fq00-092.asp
Affected Software Versions
Microsoft SQL Server 7.0
Microsoft SQL Server 2000
Microsoft Data Engine 1.0 (MSDE 1.0)
Microsoft SQL Server Desktop Engine 2000 (MSDE 2000)
Note: MSDE 1.0 was released with SQL Server 7.0. MSDE 2000 was released with SQL Server 2000.
Patch Availability
http://support.microsoft.com/support/sql/xp_security.asp
Note: The SQL Server 7.0 patch can be applied atop Service Pack 2. It will be included in SQL Server 7.0 Service Pack 3.
Note: The SQL Server 2000 patch can be applied atop SQL Server 2000. It will be included in SQL Server 2000 Service Pack 1.
