SQL Server Security Patch

SQL Server 7.0 and SQL Server 2000 Security Patch: Extended Stored Procedures Vulnerability

This patch eliminates a security vulnerability in Microsoft® SQL Server® 7.0 and Microsoft SQL Server 2000.  The flaw in SQL Server might allow a memory buffer allocated on the stack to be overwritten with arbitrary data, potentially allowing an attacker to execute arbitrary code in the SQL Server process space. This arbitrary code might be used for purposes as simple as shutting down the server to as complex as spawning a different process that might be used to take control of the server. 

For More Information:

       Security Bulletin:

       http://www.microsoft.com/technet/security/bulletin/ms00-092.asp

 

       Knowledge Base Article:

http://support.microsoft.com/support/kb/articles/Q280/3/80.ASP

  • Release Date – 28 November 2000

System Requirements

  • SQL Server 7.0 Service Pack 2 (SP2) or SQL Server 2000

  • Computer with an Alpha or Intel-based processor

  • 1 MB free disk space to download, extract, and run the patch

  • Operating System - Windows 95 & 98, Windows Millennium, Windows NT 4.0, and Windows 2000

IMPORTANT DOWNLOAD INSTRUCTIONS  

  1. Locate your platform in the following list, then click the link and select Save This Program to Disk to copy the downloadable file to your computer for installation at a later time.

  2. Extract the patch by running the self-extracting executable file. During the extraction process, you will be asked to specify a destination directory.  Read the readme.txt file included in the package for detailed information on how to apply the fix.

    NOTES:

    • The downloadable packages contain a Readme.txt file that explains how to apply the patch. This Readme.txt incorrectly states that the Replres.dll file is located in the \MSSQL7\BINN directory. For a SQL Server 7.0 installation, Replres.dll is located in the \Program Files\Common Files\Microsoft Shared\Database Replication directory. Therefore, when the Readme.txt instructs you to make a backup copy of Replres.dll, locate the file in the \Program Files\Common Files\Microsoft Shared\Database Replication directory. Copy the new Replres.dll file to this directory as well.

    • You must run the Alpha version of the executable on an Intel-based system to extract the necessary files.

Available patches

SQL Server 7.0 Patches

English

S70918a.exe (Alpha)

S70918i.exe (Intel)

 

Japanese

S70918a_jpn.exe (Alpha)

S70918i_jpn.exe (Intel)

 

German

S70918i_ger.exe (Intel)

 

French

S70918i_frn.exe (Intel)

 

Spanish

S70918i_spa.exe (Intel)

 

 

SQL Server 2000 Patches

English

S80233i.exe (Intel)

 

Japanese

S80223i_jpn.exe (Intel)

 

German

S80223i_ger.exe (Intel)

 

French

S80223i_frn.exe (Intel)

 

Spanish

S80223i_spa.exe (Intel)

 

Korean

S80233i_Kor.exe (Intel)

 

Italian

S80233i_Ita.exe (Intel)

 

Chinese Traditional

S80233i_cht.exe (Intel)

 

Chinese Simplified

S80233i_chs.exe (Intel)


Last Reviewed: Wednesday, December 13, 2000