News

SQL Server 7.0 Bug Fixed

A security vulnerability in Microsoft SQL Server 7.0 that could cause the database server to crash has been discovered and remedied.

If a specially malformed TDS packet is sent to a SQL Server, it can cause the SQL service to crash. The vulnerability would not allow any inappropriate access to the data on the server, nor would it allow a malicious user to usurp any administrative control on the machine. An affected machine could be put back into service by restarting the SQL service. This vulnerability could be remotely exploited if port 1433 were open at the firewall.

Microsoft SQL Server 7.0 is affected by this vulnerability. The Intel version of the patch is available at http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16923 and the Alpha version is available at http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16924. The patch does not locate the SQL folder and install the patched files into it. The user must copy the three files contained in it to the MSSQL7/BINN folder. -- Isaac Slepner

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Feds Takes Action Against Russian Firms for Spying

    The U.S. Department of the Treasury has issued sanctions against Russia and a handful of Russian organizations for spying and other cyberactivities.

  • Microsoft Previews 64-Bit OneDrive Client for Windows 10

    A preview of a 64-bit OneDrive client for x64 Windows 10 systems is now available for work, school or home users.

  • The 2021 Microsoft Product Roadmap

    From Windows 10X to the next generation of Microsoft's application server products, here are the product milestones coming down the pipeline in 2021.

  • Microsoft Adds Data Loss Prevention Alerts to Compliance Toolbox

    The latest part of Microsoft's overall compliance tooling is its Data Loss Prevention Alerts Dashboard, now generally available.