Re: Microsoft Security Bulletin MS02-061

From: Jay (jay4050@hotmail.com)
Date: 10/17/02 

From: "Jay" <jay4050@hotmail.com>
Date: Thu, 17 Oct 2002 10:23:05 -0400

we have already installed cumulative security patch metnioned in security
Bulletin MS02-061 (Q316333) and all of our servers show version Microsoft
SQL Server 2000 - 8.00.679 (Intel X86). nonetheless, i downloaded the patch
and compared the individual file versions and their last modified dates with
the those files in our production servers and they are same except for
xpweb70.dll, we have file version 2000.80.606.0 and the file in patch has
version 2000.80.686.0. Can we just replace this file from the patch? or we
still need to install the whole patch or is there a smaller version of the
patch available to fix the new found vulenerabilty with webtasks
stored/extended procedures?

TIA

"Jerry Bryant [MS]" <jbryant@online.microsoft.com> wrote in message
news:Ov4GQ7YdCHA.2092@tkmsftngp10...
> Title: Elevation of Privilege in SQL Server Web Tasks (Q316333)
> Date: 10/16/2002
> Software: Microsoft SQL Server 7.0; Microsoft SQL Server 2000
> Impact: Elevation of privilege
> Maximum Severity Rating: Critical
> Bulletin: MS02-061
>
> The Microsoft Security Response Center has released Microsoft Security
> Bulletin MS02-061
>
> What Is It?
> The Microsoft Security Response Center has released Microsoft Security
> Bulletin MS02-061 which concerns a vulnerability in Microsoft SQL Server
7.0
> & 2000. Customers are advised to review the information in the bulletin
and
> test and deploy the patch in their environments, if applicable.
>
> More information is now available at
> http://www.microsoft.com/technet/security/bulletin/MS02-061.asp
> If you have any questions regarding the patch or its implementation after
> reading the above listed bulletin you should contact Product Support
> Services in the United States at 1-866-PCSafety (1-866-727-2338) or post
in
> this newsgroup. International customers should contact their local
> subsidiary.
>
> --
> Regards,
>
> Jerry Bryant - MCSE, MCDBA
> Microsoft IT Communities
>
> Get Secure! www.microsoft.com/security
>
>
> This posting is provided "AS IS" with no warranties, and confers no
rights.
>
>

Relevant Pages

  • Re: Immediate Logoff
    ... What I am saying is that there is no magic button that MSFT can push to fix the problem unless you can give them some information, ... Microsoft MVP - Terminal Server ... however think it is ironic how it happened from a patch. ... Do you know where I can report this to Microsoft for free? ...
    (microsoft.public.windows.terminal_services)
  • Re: Immediate Logoff
    ... Do you know where I can report this to Microsoft for free? ... > "To me it seems Microsoft locked it down with there patch". ... > "I was lucky to that I was able to get it working by adding the group to the local admin group on the server." ... I was lucky to> that I was able to get it working by adding the group to the local admin> group on the server. ...
    (microsoft.public.windows.terminal_services)
  • Re: Q822925 problem
    ... Here's a link to the bulletin for this patch, ... Microsoft originally issued this bulletin on August 20th, ... systems that are configured as web servers serving ASP.NET web pages and ...
    (microsoft.public.security)
  • Re: Q822925 problem
    ... Here's a link to the bulletin for this patch, ... Microsoft originally issued this bulletin on August 20th, ... systems that are configured as web servers serving ASP.NET web pages and ...
    (microsoft.public.security)
  • Microsoft Security Bulletin MS02-028
    ... Microsoft encourages customers to review the Security Bulletin at: ... This patch eliminates a newly discovered vulnerability affecting Internet ...
    (microsoft.public.security)