October 3, 2002 at 9:16 am
http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS02-056.asp
This cumulative patch eliminates 4 vulnerabilities. 1 is Dave Aitel's "hello" bug - a buffer overflow vulnerability in the authentication procedure announced on August the 1st. Another is for the file overwrite vulnerability discussed on August the 19th here: http://www.nextgenss.com/advisories/mssql-jobs2.txt
The other two issues are 'new' - details should follow shortly.
Due to the nature of the "hello" bug - it requires no uid/pwd - this patch should be applied as soon as is possible.
Checks for the first 2 issues are already in NGSSQuirreL which is currently being updated to cover the other two.
More details on NGSSQuirreL can be found here: http://www.nextgenss.com/software/ngssquirrel.html
Cheers,
David Litchfield
October 3, 2002 at 11:51 am
Hello,
Has anyone installed this patch yet on your servers? We will probably install the patch on our development server first, before tackling the cluster. But I'm trying to see how the patch is going.
Thanks!
Melanie
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply