MS03-031 patch for Named pipes denial of service bug
From: Mongold, Tom (Tom.Mongold_at_STANDARDREGISTER.COM)
Date: 08/22/03
- Previous message: Russ: "SoBig.F Phase 2 - about to start, or not"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 22 Aug 2003 12:09:00 -0400 To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
All,
I've contacted Microsoft regarding a bug included with their patch for
MS03-031 (Named piped hijacking, and denial of Service). This is a SQL
Server post SP3 Cumulative Patch. It brings the SQL Level up to 8.0.818.
upon applying this patch, I found the following issue: When trying to
later a SQL Account (ie add more privileges, or change them...add to
db_datareader , you get prompted to enter new password. What you say? We
didn't just create the account, and therefore should not get prompted to
enter the new password, let alone the original one. There is another
patch for the patch(Q826161), that should bring you up to a patched SQL
level of 8.819....when you run the following query "select
@@Version"...it still returns 8.818, not 8.819....I don't know about the
rest of you, but we have automated scripts, that run nightly, to return
all kinds of info regarding all of our SQL Servers...to include version.
Microsoft has dropped the ball on this one, and I have reported it to
our Microsoft TAM (Technical Accounts Manager). He is looking into the
issue, and I'll keep you all posted as to the outcome.
Tom Mongold
SQL Team Lead
The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited. If you
receive this in error, please contact the sender and delete the material
from any computer
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Whatever Happened to Octopus?
LEGATO RepliStor, formerly known as Octopus, delivers breakthrough
replication performance that's 5X faster than the competition in an
independent head-to-head test. Learn how RepliStor uses patented,
asynchronous, real-time replication, to deliver disaster recovery, data
distribution and consolidated backups. It is the first replication solution
to achieve Windows 2003 certification. Get the performance report now.
http://portal1.legato.com/products/replistor/upgrade.cfm
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
- Previous message: Russ: "SoBig.F Phase 2 - about to start, or not"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
