INF: SQL Server 2000 Security Update for Service Pack 1

This article was previously published under Q316426
This article has been archived. It is offered "as is" and will no longer be updated.
This article discusses a security or privacy issue that may affect the operation of your computer. The information in this article is provided "as-is" without warranty of any kind. The workaround or hotfix that is described in this article addresses the issue as it is currently understood, but may not protect against any undiscovered variants of this issue. Microsoft recommends that you apply this cumulative patch or implement the workaround if one is provided.
Microsoft now distributes SQL Server security fixes as one download file. Because the security fixes are cumulative, each new release contains all of the security fixes that were included with the previous SQL Server security fix release. This Microsoft Knowledge Base article contains a list of all the security fixes that are available for SQL Server 2000 Service Pack 1 (SP1).
SQL Server Security Fixes

Non-Sysadmin User Can Execute XP_CMDSHELL If SQL Agent Proxy Account Revoked - Released January 29, 2002

After using SQL Server Enterprise Manager to disable the non-sysadmin Job Step Proxy Account:
  • Non-Sysadmin users can still successfully execute the xp_cmdshell command.

  • Jobs that use xp_cmdshell owned by non-sysadmin users, still successfully execute.

Workaround for this Issue

Do not disable the SQL Server Agent Proxy Account in SQL Enterprise Manager. Instead, disable the SQL Server Agent Proxy Account by using the following Transact-SQL batch:

EXECUTE msdb.dbo.sp_set_sqlagent_properties @sysadmin_only = 1goset noexec off set parseonly off goEXECUTE master.dbo.xp_sqlagent_proxy_account 'DEL' go				

SQL Server Text Formatting Functions Contain Unchecked Buffers - Released December 20, 2001

SQL Server 2000 provides a number of functions that enable database queries to generate text messages. In some cases, the functions create a text message and store it in a variable; in others, the functions directly display the message. Microsoft discovered a vulnerability with these functions.

Use of an invalid format type character may allow SQL Server to overwrite an internal buffer that may overwrite an address in the SQL Server process space with arbitrary data. If SQL Server overwrites an address in the SQL Server process space with arbitrary data, SQL Server may potentially allow you to execute arbitrary code within SQL Server or the SQL Server process may abnormally terminate.

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How To Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.

After you install the fix, the file version of Xpstar.dll should be 8.00.475 or later, and the file version of Sqlservr.exe should be 8.00.428 or later.
For additional information about these security fixes, click the article numbers below to view the articles in the Microsoft Knowledge Base:
304850 FIX: SQL Server Text Formatting Functions Contain Unchecked Buffers
Microsoft Security Bulletin MS01-060

Article ID: 316426 - Last Review: 10/24/2013 09:25:24 - Revision: 3.4

Microsoft SQL Server 2000 Service Pack 1

  • kbnosurvey kbarchive kbdownload kbinfo KB316426