Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Microsoft Security Bulletin (MS00-014)
From: grayburn () FIRSTAM COM (Rayburn, Gordon)
Date: Tue, 14 Mar 2000 10:22:33 -0800

Fyi, for those of you installing the SP2 BETA (or have already), this hotfix
will not work with the SQL7 SP2 Beta release.  The ums.dll does not have
functions that the patched sqlservr.exe requires.  It's understandable, but
MS doesn't make it known to the user that a higher version SP will/should
not work with a lower version hotfix.

Only tested on NT4 SP5

@@Version 7.00.835 -- SP2 Beta version.  ums.dll problem after installing
@@Version 7.00.780 -- Hotfix Version.
@@Version 7.00.699 -- SP1 no problems reported installing the hotfix.

Gordon Rayburn

Credco IS,

-----Original Message-----
From: Microsoft Product Security [SMTP:secnotif () MICROSOFT COM]
Sent: Thursday, March 09, 2000 1:53 PM
Subject:      Microsoft Security Bulletin (MS00-014)

The following is a Security  Bulletin from the Microsoft Product Security
Notification Service.

Please do not  reply to this message,  as it was sent  from an unattended

Microsoft Security Bulletin (MS00-014)

Patch Available for "SQL Query Abuse" Vulnerability
Originally Posted: March 08, 2000

Microsoft has released a patch that eliminates a security vulnerability in
Microsoft® SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0. The
vulnerability could allow the remote author of a malicious SQL query to
take unauthorized actions on a SQL Server or MSDE database or on the
underlying system that was hosting the SQL Server or MSDE database.

Frequently asked questions regarding this vulnerability and the patch can
be found at
Microsoft Security Advisor web site at http://www.microsoft.com/security.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]