Article ID: 322853 - View products that this article applies to.
This article was previously published under Q322853
This article addresses two issues:
The SQL Server Setup program and SQL Server Enterprise Manager grant unnecessary permissions to the SQL Server service startup account when the account is not a member of the Administrators Users group.
An unchecked buffer exists in an encryption function. A buffer overrun can occur as a result and can be used to either cause the SQL Server service to fail, or to cause code to run in the security context of the server that is running SQL Server.
To resolve this problem, obtain the latest service pack for Microsoft SQL Server 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
290211NOTE: The following fix was created before the release of Microsoft SQL Server 2000 Service Pack 3.
(http://support.microsoft.com/kb/290211/EN-US/ )INF: How To Obtain the Latest SQL Server 2000 Service Pack
To download the fix for these issues, see the following article in the Microsoft Knowledge Base:
316333The downloadable file contains a stand-alone utility named Servpriv.exe. You can use Servpriv.exe to correct the permission problems for the service registry keys. The Readme.txt file in the package has instructions for applying the fixes and for running Servpriv.exe.
(http://support.microsoft.com/kb/316333/EN-US/ )INF: SQL Server 2000 Security Update for Service Pack 2
How to Use Servpriv.exeTo use Servpriv.exe, type the following text on the command line, and then press ENTER:
The instance_name parameter is the name of the SQL Server instance that you want to patch. If you want to patch the default instance, specify MSSQLSERVER (case does not matter); otherwise, specify the name of the SQL Server instance. This utility is designed to only patch SQL Server 2000 installations that are running SQL Server 2000 Service Pack 2, or later. If you are not running SQL Server 2000 Service Pack 2, you must upgrade to SQL Server 2000 Service Pack 2 before you use Servpriv.exe.
Default instance = Servpriv.exe MSSQLServerFor more information about how to use Servpriv.exe, read the Readme.txt file that is included with the download file.
Named instance = Servpriv.exe INST1 where the instance typically connected to is SERVER_NAME\INST1
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.
This problem was first corrected in Microsoft SQL Server 2000 Service Pack 3.