SQL Clone
SQLServerCentral is supported by Redgate
Log in  ::  Register  ::  Not logged in

Security Alert : SQL Server Security Bug and Patch

By Brian Knight,

Happy Holidays database administrators! As a parting present before you go home for your year-end break, Microsoft has announced a security problem in SQL Server 7.0 and 2000. Thanks to the guys at @Stake, who found two vulnerabilities in SQL Server 7.0 and 2000. One of the vulnerabilities allow a buffer in a SQL Server function to be overrun and potentially allow a hacker to have access to files and cause harm to your server. The other vulnerability allows a hacker to issue a denial of service attack on your SQL Server through the C runtime environment.

In the first problem, a hacker could potentially overrun one of SQL Server's buffers in a function and could then impersonate whichever account is starting your SQL Server. After the hacker obtains this access, he could crash your SQL Server or run whichever program he wishes. The second problem allows the hacker to gain partial access to the C runtime environment. After he obtains this access, the most he can do is issue a denial of service attack on your SQL Server, effectively preventing other users from getting into your system. This bug would only effect SQL Servers running Windows NT, 2000 or XP.

The attack is issued through malicious queries that use the problem SQL Server functions. Microsoft has already issued patches last week to address the problem. Since these are two problems essentially, Microsoft has issued two patches. Only apply the patch to fix the problem if you have SQL Server 7.0 SP3 or SQL Server 2000 SP1. The patch has been rolled into SQL Server 2000 SP2. The second patch can be considered much more risky, since it modifies the C environment on your computer, which low-level OS items use. Although I had no problems applying this patch in my testing environment, make sure you test it in your own as well. If a problem does occur in this patch, it could cause your OS to become instable.

This problem can be limited by using best security practices. For example, ensure that the account that starts your SQL Server and SQL Server Agent services has limited authority. Often times, I see this user have administrator rights This bug could really harm systems like that. The likeliness of this causing a problem in your environment can also be limited if you control how your system is queried. For example, by making sure users have a controlled method of querying your system (non-ad hoc), you can lower the risk.

Read more details about the vulnerabilities and download the patches.

Total article views: 6542 | Views in the last 30 days: 0
Related Articles

A Patch Disaster

What would happen if the wrong patches were applied to your database server? The results could be a ...


SP2 Patching

SQL Server SP2 patching process


Patch Problems

A few recent Patch problems have Steve Jones concerned about the directions we are going with softwa...


Patching Problems

Problems with SQL Server after applying the Windows 8.1 update have Steve Jones concerned about soft...


Security Patches

patching SQL Server

sql server 7