MS Issues Four Security Patches, Critical SQL Flaw

By N-Stalker Team on July 25, 2002

Microsoft has released four security bulletins today: one “critical” SQL Server 2000 update and three others of “moderate” severity.

  • MS02-036 – An authentication hole in Microsoft Metadirectory Services (MMS) 2.2 that could allow an unprivileged user to change MMS data or configuration.
  • MS02-037 – Buffer overflow affecting Exchange Server 5.5, in the Internet Mail Connector’s handling of the EHLO command response. Subject to mitigating factors, exploitation could allow remote code execution with the privileges of the Exchange Service Account.
  • MS02-038 – Buffer overflow in the Database Consistency Checkers of SQL Server 2000 and Microsoft Desktop Engine (MSDE), which could yield minimal privilege escalation and code execution. The patch also fixes a SQL injection vulnerability.
  • MS02-039 – Two remotely exploitable overflows and a denial of service hole in SQL Server 2000’s Resolution Service, which listens on port 1434. An attacker could gain complete control of the server – this is the most critical bulletin.
