Microsoft Security Bulletin MS02-043
Cumulative Patch for SQL Server (Q316333)
Originally posted: August 14, 2002
Updated: February 28, 2003
Who should read this bulletin:
System administrators using Microsoft® SQL Server™ 7.0 and 2000 and Microsoft Desktop Engine 1.0 and 2000.
Impact of vulnerability:
Elevation of privilege.
Maximum Severity Rating:
System administrators should apply the patch to affected systems.
Note: The patch released with this bulletin is effective in protecting SQL Server 2000 and MSDE 2000 against the "SQL Slammer" worm virus. However, this patch has been superseded by the patch released with MS02-061 which contains fixes for additional security vulnerabilities in these products. Microsoft recommends that SQL 2000 and MSDE 2000 customers apply the patch from MS02-061.
- Microsoft SQL Server 7.0
- Microsoft Desktop Engine (MSDE) 1.0
- Microsoft SQL Server 2000
- Microsoft Desktop Engine (MSDE) 2000
Microsoft thanks Microsoft http://www.microsoft.com/technet/security/bulletin/policy.mspxthe following people for working with us to protect customers:
- David Litchfield of Next Generation Security Software Ltd. for reporting these issues.
- Chip Andrews of www.sqlsecurity.com and Timothy Mullen for reporting additional information on these issues.
- Microsoft Knowledge Base article Q327068 and Q316333 discusses this issue and will be available approximately 24 hours after the release of this bulletin. Knowledge Base articles can be found on the Microsoft Online Support web site.
- Technical support is available from Microsoft Product Support Services. There is no charge for support calls associated with security patches.
Security Resources: The Microsoft TechNet Security Web Site provides additional information about security in Microsoft products.
The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
- V1.0 (August 14, 2002): Bulletin Created.
- V1.1 (January 31, 2003): Updated to advise of supercedence by MS02-061 and clarify installation order when Hotfix 317748 is applied in conjunction with this security patch.
- V1.2 (February 28, 2003): Updated "Additional information about this patch" section.