February 20, 2002 at 7:34 pm
There is a buffer overflow attack using remote data source queries. This affects both SQL Server 7 and 2000. A patch has been made available. Here is the security bulletin:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-007.asp
K. Brian Kelley
http://www.sqlservercentral.com/columnists/bkelley/
@kbriankelley
February 20, 2002 at 8:01 pm
HELP! I've tried installing the patch, only to find that SQL Server won't start back up. I've had to roll back to the pre-patch files. This also happened with the last buffer overrun patch files. Has this happened to anyone else?
February 20, 2002 at 8:07 pm
Considering this bulletin came out today, I am not sure how many people have had a chance to apply it. I'm going to probably take a look at it in a test environment tomorrow as I saw its announcement after I left work. One resource you have available is Microsoft Product Support Services. Because it's related to a security patch, there is no charge for support calls. There's a link contained with the bulletin listing:
http://support.microsoft.com/default.aspx?scid=%2Fdirectory%2Fquestion%2Easp
One caution with these patches is that Microsoft's recent reputation hasn't been very good. I'm now seeing messages that the February 11 Cumulative Roll-up for IE breaks the VB Listview Object. Most of us still remember the RDP and UPnP patches that took out systems.
K. Brian Kelley
http://www.sqlservercentral.com/columnists/bkelley/
@kbriankelley
February 20, 2002 at 8:19 pm
Luckily, I have a test and development environment before my standby and production systems, so testing and checking are part of the everyday flow here.
However, I had the same problem with the 20 December 2001 "SQL Server Text Formatting Functions Contain Unchecked Buffers" patch.
February 20, 2002 at 8:21 pm
Since it's free, it won't hurt to give MS a call. If there is a real issue with the patch, they'll notice it that much faster. The RDP and UPnP patches that I mentioned were pulled from the site after users complained of issues. They were reissued after they were rebuilt.
K. Brian Kelley
http://www.sqlservercentral.com/columnists/bkelley/
@kbriankelley
February 21, 2002 at 11:12 am
Hold off if you can. If you feel you must apply the patch, TEST IT ON A SECOND server.
Steve Jones
February 21, 2002 at 1:44 pm
Steve,
This is my "TEST" server. If things don't work here, I don't apply patches and fixes to the other SQL servers. (Upgrade/Patch sequence 'Development' -> 'Test' -> 'Standby' -> 'Production')
February 21, 2002 at 2:57 pm
Just making sure everyone else is paying attention. Hopefully others will read this before trying the patch.
Steve Jones