FYI: CERT MS SQL Server security advisories

Thu, 11 Jul 2002 04:34:59 -0700 

Have fun.

Jochem


-------- Original Message --------
===============================================================================
Security Advisory 
CERT-NL
===============================================================================
Author/Source : Jan Meijer                                  Index  : 
S-02-74
Distribution  : World                                       Page   : 
       1
Classification: External                                    Version: 
       1
Subject       : MS02-035 SQL server installation process
                 may leave passwords on system               Date 
:11-Jul-2002
===============================================================================

By courtesy of the Microsoft Security Response Center we received the 
following
information.

MS02-035 reports a vulnerability in the SQL Server installation process.

This vulnerability may leave passwords on the system after installation.

This advisory provides the location to a patch.

CERT-NL recommends to patch your SQL servers.

For the MSDE 2000 and SQL Server 2000 there is another advisory, 
MS02-034 that
needs your attention as well, though it is less dangerous.  The 
patchlocations
can be found in the advisory:
http://www.microsoft.com/technet/security/bulletin/MS02-034.asp


==============================================================================
Title:      SQL Server Installation Process May Leave Passwords on
             System (Q263968)
Date:       July 10, 2002
Software:   Microsoft SQL Server 7.0, Microsoft Data Engine 1.0
             (MSDE 1.0), or SQL Server 2000
Impact:     Elevation of privilege
Max Risk:   Moderate
Bulletin:   MS02-035

Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS02-035.asp.
- - ----------------------------------------------------------------------



______________________________________________________________________
Signup for the Fusion Authority news alert and keep up with the latest news in 
ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm
------------------------------------------------------------------------------
To unsubscribe, send a message to [EMAIL PROTECTED] with 
'unsubscribe' in the body or visit the list page at www.houseoffusion.com

Reply via email to