A few days ago, Microsoft released a security bulletin saying that two security defects in SQL Server make it vulnerable to DoS attacks. Microsoft pointed out that both SQL Server 2000 and SQL Server 7.0 are affected by these two security defects. The two defects mainly concern the way SQL Server creates and displays text messages after receiving a request.
The first and most serious defect is that a memory overflow occurs when the function that restricts the size of the generated text fails, allowing hackers to execute malicious code on the system. How much harm hackers can do to the system depends on how the system administrator configures the system security parameters. In the worst case, hackers can "obtain control of the database server" and "add, delete, or change data in the database, or even reconfigure the operating system."
The second security defect is related to the C runtime library functions for formatting text strings. The database software calls these functions when running on Windows NT 4.0, Windows 2000, or Windows XP. Microsoft pointed out that this security defect may leave the database system vulnerable to DoS attacks. When a function that accepts format strings for printing uses those strings without first validating them correctly, a "format string" security defect can result.
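
The defensive pattern for both defects described above, as an added example that is not taken from the bulletin or from SQL Server's code: untrusted text is passed only as a `%s` argument, never as the format, and the generated message is rejected when it does not fit the buffer. The function names, the buffer size and the sample inputs are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Count printf-style conversion directives in s. "%%" is a literal percent
 * sign, not a directive. A non-zero result on untrusted text means it must
 * never be used as a format argument. */
static int count_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {          /* escaped percent sign */
            s++;
            continue;
        }
        n++;                        /* '%' that starts a conversion */
    }
    return n;
}

/* Build "message: <text>" in out[cap]. The untrusted text is data for %s,
 * so any directives inside it are copied verbatim and never interpreted.
 * Returns 0 on success, -1 if the message would not fit (no overrun and
 * no silently truncated output). */
static int build_message(char *out, size_t cap, const char *untrusted)
{
    int need = snprintf(out, cap, "message: %s", untrusted);
    if (need < 0 || (size_t)need >= cap) {
        if (cap > 0)
            out[0] = '\0';          /* leave no partial message behind */
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *plain = "order 42 shipped";
    const char *suspicious = "rate 100%% %x %s";
    char buf[32];

    printf("directives: %d, %d\n", count_directives(plain), count_directives(suspicious));
    printf("fits: %d -> \"%s\"\n", build_message(buf, sizeof buf, suspicious), buf);
    printf("too long: %d\n", build_message(buf, sizeof buf,
           "a request string far longer than the buffer allows"));
    return 0;
}
```
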
Microsoft recommends that the first patch be installed on all systems running SQL Server 7.0 and SQL Server 2000. Only systems that are highly vulnerable to attacks need to install the second patch because it still has defects. Microsoft recommends that you wait for the release of the next SQL Server service pack.