News

SQL Server 7.0 Bug Fixed

A security vulnerability in Microsoft SQL Server 7.0 that could cause the database server to crash has been discovered and remedied.

If a specially malformed TDS packet is sent to a SQL Server, it can cause the SQL service to crash. The vulnerability would not allow any inappropriate access to the data on the server, nor would it allow a malicious user to usurp any administrative control on the machine. An affected machine could be put back into service by restarting the SQL service. This vulnerability could be remotely exploited if port 1433 were open at the firewall.

Microsoft SQL Server 7.0 is affected by this vulnerability. The Intel version of the patch is available at http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16923 and the Alpha version is available at http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16924. The patch does not locate the SQL folder and install the patched files into it. The user must copy the three files contained in it to the MSSQL7/BINN folder. -- Isaac Slepner

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Microsoft 365 Commercial Users Getting Identity Theft Monitoring

    U.S. subscribers of Microsoft 365 Personal or Microsoft 365 Family editions are now eligible for a new Identity Theft Monitoring service, the company announced this week.

  • The 2022 Microsoft Product Roadmap

    Microsoft has a lot in the docket for 2022, including new products like SQL Server 2022, Exchange Subscription Edition and Visual Studio 2022 for Mac.

  • Report: IT Budgets To Increase Despite Slowdown in Hiring

    A newly published annual report found that 51 percent of IT departments are planning to increase their IT spending next year, even in the face of a possible recession.

  • Microsoft Bolsters 'Employee Experience' with Latest Viva Apps

    Microsoft's Viva suite is getting new apps and enhancements, according to an announcement made on Thursday.