Please start any new threads on our new site at https://forums.sqlteam.com. We've got lots of great SQL Server experts to answer whatever question you can come up with.

 All Forums
 Site Related Forums
 Article Discussion
 Article: Cumulative Patch for SQL Server 2000

Author  Topic 

AskSQLTeam
Ask SQLTeam Question

0 Posts

Posted - 2002-07-11 : 08:53:14
This is a cumulative patch that, when applied, address all previously addressed vulnerabilities. In addition, it eliminates three new vulnerability:

  • A buffer overrun vulnerability in a procedure that handles password encryption for SQL Server authentication that could enable code of an attacker's choice to be run in the same context as the SQL Server.
  • A buffer overrun vulnerability in a procedure that handles bulk inserting of database tables that could enable an attacker's code to run in the SQL Server Service Account's security context.
  • A privilege elevation vulnerability that could enable an attacker to gain the ability to execute SQL Server commands in the security context of the operating system.

Article Link.

sgtwilko
Starting Member

23 Posts

Posted - 2002-07-22 : 14:03:36
This patch can also degrade your perfomance with some queries on SMP machines.

We are working with Microsoft to resolve this issue.

This only happens with large queries that SQL server does not produce a suitable Query plan for.

--
Eagles may soar,
but Weasels aren't sucked into jet engines.
Go to Top of Page
   

- Advertisement -