Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
eWEEK.com
Search
eWEEK.com
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Database
    • Database

    Microsoft Uncovers SQL Server Vulnerabilities

    By
    DENNIS FISHER
    -
    December 21, 2001
    Share
    Facebook
    Twitter
    Linkedin

      Topping off what can only be described as a disastrous week for the security of its products, Microsoft Corp. on Thursday night said it has discovered two vulnerabilities in the two most recent versions of its popular SQL Server database software.

      Four separate patches are available for these flaws on the Microsoft Security Web site.

      This is the third security bulletin that Microsoft has issued in the last week. On Dec. 14, the company warned of three flaws in various versions of Internet Explorer that enable attackers to execute random files on a users machine and read and delete other files.

      And on Dec. 20, Microsoft disclosed a serious vulnerability in its Windows XP operating system that enables an attacker to gain complete control of a vulnerable machine.

      The more serious of the two SQL Server vulnerabilities is a buffer overrun caused by some of the functions in SQL 7.0 and 2000 that generate text messages from database queries. Some of these services dont adequately verify that the messages theyre generating can fit into the buffers that are meant to hold them. As a result, an attacker could run code of his choice in the security context of the SQL Server service or cause the service to fail completely, according to Microsofts advisory.

      SQL can be configured to run in one of several contexts, but runs by default as a domain user.

      The second vulnerability is a format-string vulnerability in the C runtime functions that the SQL Server functions call when its installed on Windows NT 4.0, 2000 or XP. The flaw can be exploited in one of two ways: The attacker can either load and execute a database query that calls one of the affected functions or provide inputs to a Web site or other SQL front end that would accept and process random queries that would call an affected function with the appropriate parameters.

      Either of these scenarios could cause a denial of service in the SQL server.

      Perhaps with some of its recent problems with Outlook-related patches in mind, Microsoft security officials added this unusual warning to the advisory they published on this issue: “The C runtime plays a crucial role in the operating system itself. While we are confident that both patches are well-tested, if there were a regression error in the C runtime, the effects would likely be serious and widespread.”

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      CHRIS PREIMESBERGER - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      CHRIS PREIMESBERGER - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      EWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      ZEUS KERRAVALA - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      WAYNE RASH - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Info

      © 2020 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×