SQL Server 7.0/2000 Security Patch: Extended Stored Procedures Vulnerability

By Chris Miller on 8 December 2000 | 2 Comments | Tags: Hot Fixes


Microsoft has released a security patch to repair a flaw in an API that works with extended stored procedures. A user exploiting this breach could execute foreign code or shut down the server. The problem affects SQL Server 2000 and 7.0, SQL Server Desktop Engine 2000, and Microsoft Data Engine 1.0 (MSDE 1.0). You can apply the SQL Server 7.0 patch on top of Service Pack 2 (SP2) and the SQL Server 2000 patch on top of SQL Server 2000. Microsoft plans to include these patches in the next service pack releases. Patches are available on Microsoft's support Web site. See the Microsoft Web site for more information about the patch.

Discuss this article: 2 Comments so far. Print this Article.

If you like this article you can sign up for our weekly newsletter. There's an opt-out link at the bottom of each newsletter so it's easy to unsubscribe at any time.

Email Address:

Related Articles

Microsoft Security Bulletin MS02-061 : Elevation of Privilege in SQL Server Web Tasks (Q316333) (21 October 2002)

New SQL Server Cumulative Security Patch (3 October 2002)

SQL Server 2000 Cumulative Security Update ... Again. (16 August 2002)

Cumulative Patch for SQL Server 2000 (11 July 2002)

New Sql Server Buffer Overrun issue (17 June 2002)

Worm squirming through SQL servers (21 May 2002)

Unchecked Buffer in Extended Stored Procedures (17 April 2002)

SQL Injection White Paper (2 April 2002)

Other Recent Forum Posts

Low batch Batchrequests/sec (3 Replies)

Jobs canceled abruptly in a SQL server Client (1 Reply)

can I update sql 08 R2 to sp2 without sp1 first (2 Replies)

SQL Server Slow Performance From ASP.NET Web App (4 Replies)

Violation of %ls constraint '%.*ls'. Cannot insert (0 Replies)

Move columns into rows for same items (3 Replies)

CASE help (6 Replies)

Sql query by time range + shop (1 Reply)

Subscribe to SQLTeam.com

Weekly SQL Server newsletter with articles, forum posts, and blog posts via email. Subscribers receive our white paper with performance tips for developers.

SQLTeam.com Articles via RSS

SQLTeam.com Weblog via RSS

- Advertisement -