Microsoft security bulletin MS02-043 features a much-needed cumulative patch for SQL Server 7.0, SQL Server 2000, MSDE 1.0 and MSDE 2000, all of which have been affected by some half a dozen
security holes over the past two months. In addition to fixing all vulnerabilities addressed by earlier patches, the update repairs a new security hole in SQL’s extended stored procedures. By exploiting the flaw, an attacker to run stored procedures on the database with
administrator privileges. MS has rated this a ‘moderate risk’ issue.

(N-Stalker Security Force)