
MS02-034: Cumulative Patch for SQL Server

configure   on 11 July 2002 - 07:03 · 1 comment & 207 views

This is a cumulative patch that includes the functionality of all previously released patches for SQL Server 2000. In addition, it eliminates three newly discovered vulnerabilities affecting SQL Server 2000 and MSDE 2000 (but not any previous versions of SQL Server or MSDE):
  • A buffer overrun vulnerability in a procedure used to encrypt SQL Server credential information. An attacker who was able to successfully exploit this vulnerability could gain significant control over the database and possibly the server itself, depending on the account SQL Server runs as.
  • A buffer overrun vulnerability in a procedure that relates to the bulk inserting of data in SQL Server tables. An attacker who was able to successfully exploit this vulnerability could gain significant control over the database and possibly the server itself.
  • A privilege elevation vulnerability that results from incorrect permissions on the Registry key that stores the SQL Server service account information. An attacker who was able to successfully exploit this vulnerability could gain greater privileges on the system than had been granted by the system administrator, potentially even the same rights as the operating system.
View: Microsoft Technet - Security Bulletin ID MS02-034
Download: Patch for Microsoft SQL Server 2000


Title: Cumulative Patch for SQL Server (Q316333)
Date: 10 July 2002
Software: SQL Server 2000
Impact: Elevation of privilege
Max Risk: Moderate
Bulletin: MS02-034
