mailing list archives
Re: Microsoft Security Bulletin (MS00-014)
From: grayburn () FIRSTAM COM (Rayburn, Gordon)
Date: Tue, 14 Mar 2000 10:22:33 -0800
Fyi, for those of you installing the SP2 BETA (or have already), this hotfix
will not work with the SQL7 SP2 Beta release. The ums.dll does not have
functions that the patched sqlservr.exe requires. It's understandable, but
MS doesn't make it known to the user that a higher version SP will/should
not work with a lower version hotfix.
Only tested on NT4 SP5
@@Version 7.00.835 -- SP2 Beta version. ums.dll problem after installing
@@Version 7.00.780 -- Hotfix Version.
@@Version 7.00.699 -- SP1 no problems reported installing the hotfix.
Sr. MSSQL DBA
From: Microsoft Product Security [SMTP:secnotif () MICROSOFT COM]
Sent: Thursday, March 09, 2000 1:53 PM
To: NTBUGTRAQ () LISTSERV NTBUGTRAQ COM
Subject: Microsoft Security Bulletin (MS00-014)
The following is a Security Bulletin from the Microsoft Product Security
Please do not reply to this message, as it was sent from an unattended
Microsoft Security Bulletin (MS00-014)
Patch Available for "SQL Query Abuse" Vulnerability
Originally Posted: March 08, 2000
Microsoft has released a patch that eliminates a security vulnerability in
Microsoft® SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0. The
vulnerability could allow the remote author of a malicious SQL query to
take unauthorized actions on a SQL Server or MSDE database or on the
underlying system that was hosting the SQL Server or MSDE database.
Frequently asked questions regarding this vulnerability and the patch can
be found at
Microsoft Security Advisor web site at http://www.microsoft.com/security.