Security gap in all Microsoft SQL Servers (kb2475)
The information in this article applies to:
- Microsoft Database Engine 2000
- Microsoft Database Engine 1.0
- Microsoft SQL Server 2000
- Microsoft SQL Server 7.0
- SwyxWare all versions
Microsoft has reported severe security gaps in all their SQL Server Versions and has released a patch for them.
Swyx strongly recommends to install this patch on SwyxServer machines having installed the MSDE or an SQL Server. The patch can be downloaded from the Microsoft Security Bulletin being linked in the References section of this article. If you have installed the Database from the SwyxWare CD (MSDE) you need to download and install the patch for Microsoft SQL Server 7.0 (English).
The patch eliminates the following three problems:
- Named Pipe Hijacking
- Named Pipe Denial of Service
- SQL Server Buffer Overun
More Details can be found in the Microsoft Security Bulletin.
Before installing the patch you need to install the SQL Server 7 Service Pack 4 which can be found on the SwyxWare CD
or from the Microsoft Webpages.
This article describes how to obtain the version of the currently installed SQL-Server / MSDE:
- Cumulative Patch for Microsoft SQL Server (815495)
Microsoft Security Bulletin MS03-031
- Microsoft SQL Server 7 Service Pack 4
- SwyxWare v4.12 CD on Swyx FTP Server
The third-party contact information included in this article is provided to help you find the technical support you need. This contact information is subject to change without notice. Swyx in no way guarantees the accuracy of this third-party contact information nor is responsible for it's content.