Sign up for the Security newsletter

Microsoft owns up to "critical" SQL hole

More patches than a quilt in Little Women...

By Joey Gardiner on 25 July 2002 14:50

NEWS Microsoft has discovered "critical" holes in its SQL server product which could allow a malicious attacker to gain control of a machine. The flaw is the most serious one to be fixed in a raft of security patches issued by the software giant today. These include the re-issuing of another "critical" patch - this time for its media player - because the original patch wasn't complete. Microsoft said two of the holes discovered in SQL server were buffer overflow vulnerabilities. One could cause SQL to crash and the other could allow malicious code to be executed. A third vulnerability could allow a denial of service attack to be performed. The vulnerabilities were discovered by David Litchfield of Next Generation Security Software. Microsoft also issued four other patches today, fixing further holes in SQL server, metadirectory services, its SMTP client and the media player. Patches are available at
http://www.microsoft.com/technet

Post your comment

In order to post a comment you need to be registered and logged in.

You can also log in with Facebook. Log in or create your silicon.com account below

  • Login

Will not be displayed with your comment

By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy.

Questions about membership? Find the answers in the Membership FAQ

Get silicon.com's daily newsletter

  • Register on silicon.com

    Enter your email to register

Keep in touch with silicon.com

silicon.com newsletters