Return to SQL Server 7.0/2000 Security Patch: Extended Stored Procedures Vulnerability
SQL Server 7.0/2000 Security Patch: Extended Stored Procedures Vulnerability
Written by Chris Miller on 08 December 2000
Microsoft has released a security patch to repair a flaw in an API that works with extended stored procedures. A user exploiting this breach could execute foreign code or shut down the server. The problem affects SQL Server 2000 and 7.0, SQL Server Desktop Engine 2000, and Microsoft Data Engine 1.0 (MSDE 1.0). You can apply the SQL Server 7.0 patch on top of Service Pack 2 (SP2) and the SQL Server 2000 patch on top of SQL Server 2000. Microsoft plans to include these patches in the next service pack releases. Patches are available on Microsoft's support Web site. See the Microsoft Web site for more information about the patch.