SQL Server Forums
Profile | Register | Active Topics | Members | Search | Forum FAQ
 
Register Now and get your question answered!
Username:
Password:
Save Password
Forgot your Password?

 All Forums
 Site Related Forums
 Article Discussion
 Article: Cumulative Patch for SQL Server 2000
 New Topic  Reply to Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

AskSQLTeam
Ask SQLTeam Question

USA
0 Posts

Posted - 07/11/2002 :  08:53:14  Show Profile  Visit AskSQLTeam's Homepage  Reply with Quote
This is a cumulative patch that, when applied, address all previously addressed vulnerabilities. In addition, it eliminates three new vulnerability:

  • A buffer overrun vulnerability in a procedure that handles password encryption for SQL Server authentication that could enable code of an attacker's choice to be run in the same context as the SQL Server.
  • A buffer overrun vulnerability in a procedure that handles bulk inserting of database tables that could enable an attacker's code to run in the SQL Server Service Account's security context.
  • A privilege elevation vulnerability that could enable an attacker to gain the ability to execute SQL Server commands in the security context of the operating system.

Article Link.

sgtwilko
Starting Member

United Kingdom
23 Posts

Posted - 07/22/2002 :  14:03:36  Show Profile  Reply with Quote
This patch can also degrade your perfomance with some queries on SMP machines.

We are working with Microsoft to resolve this issue.

This only happens with large queries that SQL server does not produce a suitable Query plan for.

--
Eagles may soar,
but Weasels aren't sucked into jet engines.
Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
SQL Server Forums © 2000-2009 SQLTeam Publishing, LLC Go To Top Of Page
This page was generated in 0.03 seconds. Powered By: Snitz Forums 2000