Re: List of extended sprocs that are vulnerable? FW: Microsoft Security Bulletin MS02-020

From: Bronek Kozicki (
Date: 04/19/02

From: "Bronek Kozicki" <>
To: "Toni Lassila" <>
Date: Fri, 19 Apr 2002 08:06:26 +0200

> This MS bulletin mentions several extended stored procedures are
> vulnerable, does anyone have a list or an idea if any of these have by
> default exec permissions for the group 'public'?

As stated on
following ext. procedures are available to 'public':
* xp_mergelineages (MSSQL2K)
* xp_proxiedmetadata (MSSQL2K and MSSQL7)

I verified this on SQL2K - indeed, everyone with access to SQL Server may
use them.

> If this is indeed is the case then the patch is a "must-install" if you
> allow workstations to connect directly and login to your SQL Server.