Cakkie
January 27th, 2003, 11:58 AM
In october 2002, MS published a security bulletin which concerns a security vunerability in the SQL2K authentication which could lead to code execution on the target SQL Server.
A few days ago, one of the first virusses was spotted exploiting this bug. The virus isn't destructive (yet), but you are adviced to upgrade or patch your SQL Server.
I'm putting this here because SQL Server 2K desktop engine is installed when you install VS.Net. The desktop engine is also affected by this bug, and therefore a possible target. Since this installation is typically forgotten about, many .Net machines are unpatched.
This bug is fixed in SQL Server 2K SP2.
More info (including patch downloads) can be found here: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-056.asp
A few days ago, one of the first virusses was spotted exploiting this bug. The virus isn't destructive (yet), but you are adviced to upgrade or patch your SQL Server.
I'm putting this here because SQL Server 2K desktop engine is installed when you install VS.Net. The desktop engine is also affected by this bug, and therefore a possible target. Since this installation is typically forgotten about, many .Net machines are unpatched.
This bug is fixed in SQL Server 2K SP2.
More info (including patch downloads) can be found here: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-056.asp