General 8065 Published by

Microsoft Security Bulletin MS00-035 announces the availability of a patch that eliminates a vulnerability in the installation routines for Microsoft® SQL Server 7.0 Service Packs 1 and 2. The vulnerability could allow the administrator´s password to be compromised under certain conditions.

What's the scope of the vulnerability?

When SQL Server 7.0 Service Packs 1 and 2 are installed on a system that performs user authentication using Mixed Mode, the installation process can, under certain conditions, leave a copy of the database administrator's password in a file on the server. If recovered by a malicious user, the password could be used to exercise administrative control over the database.

There are some significant restrictions to this vulnerability:

- It does not occur when the recommended authentication method, Windows NT® Authentication, is used.
- Even when Mixed Mode is used, it only occurs if a particular type of authentication, SQL Server Authentication, is used.
- By default, the file containing the password could only be read by a user who could interactively log onto the server. Standard security recommendations strongly militate against allowing normal users to interactively log onto security-critical servers such as database servers.

Read more