Microsoft KB Archive/316333

= SQL Server 2000 Security Update for Service Pack 2 =

Article ID: 316333

Article Last Modified on 4/19/2007


APPLIES TO


 * Microsoft SQL Server 2000 Service Pack 2
 * Microsoft SQL Server 2000 Desktop Engine




This article was previously published under Q316333



This article discusses a security or privacy issue that may affect the operation of your computer. The information in this article is provided "as-is" without warranty of any kind. The workaround or hotfix that is described in this article describes the issue as it is currently understood, but may not protect against any undiscovered variants of this issue. Microsoft recommends that you apply this cumulative patch or implement the workarounds if one is provided.



We recommend that you run the latest supported service pack. For more information about how to obtain the latest SQL Server 2000 service pack, click the following article number to view the article in the Microsoft Knowledge Base:

290211 How to obtain the latest SQL Server 2000 service pack

For more information about supported service packs for SQL Server, see the following Microsoft web site:

http://support.microsoft.com/gp/lifesupsps



SUMMARY
Microsoft distributes SQL Server 2000 security fixes as one downloadable file. Because the security fixes are cumulative, each new release contains all the hotfixes and all the security fixes that were included with the previous SQL Server 2000 security fix release. You do not have to install a previous patch before you install the latest one. This Microsoft Knowledge Base article contains a list of all the security fixes that are available for SQL Server 2000 Service Pack 2 (SP2).

These fixes also include any security fixes released for Service Pack 1. For more information about Service Pack 1, see the following article in the Microsoft Knowledge Base:

316426 SQL Server 2000 Security Update for Service Pack 1

Note This cumulative package does not contain the security fixes that are in Microsoft Data Access Components (MDAC) and Analysis Services.

Important: Before you apply the patch, you must install SQL Server 2000 Service Pack 2 (SP2):

SQL Server 2000 Service Pack 2 (SP2)

For additional information about the W32.Slammer worm, visit the following Microsoft web site:

http://www.microsoft.com/technet/security/alerts/slammer.mspx

Resolution
All of the fixes listed in this article are included in SQL Server 2000 Service Pack 3. For information about SQL Server 2000 Service Pack 3, click the following article number to view the article in the Microsoft Knowledge Base:

290211 How to obtain the latest SQL Server 2000 service pack

How to Identify Your SQL Server Service Pack Version and Edition

Use the information in the following Microsoft Knowledge Base article to determine what version of SQL Server you are running:

321185 How to identify your SQL Server service pack version and edition

After you apply this hotfix, when you run SELECT serverproperty('productversion') -or- SELECT @@Version, your version of SQL Server must correspond with the installed release.

Here is a list of recent release dates with their corresponding versions:

 * February 7, 2003 (re-release with SQL Critical Update): 8.00.679
 * October 16, 2002: 8.00.679
 * October 2, 2002: 8.00.679
 * August 14, 2002: 8.00.665

Note: Here is a list of important notes that are related to these security fixes:

 * If you are running Microsoft Windows NT Server 4.0 Service Pack 6a, you must apply the hotfix that is described in the following Microsoft Knowledge Base article:

   258437 FIX: GetEffectiveRightsFromAcl fails in Service Pack 6

 * If you rebuild the master database, you must reapply the script files (*.sql), as described in the Readme.txt file.
 * In the Repltran.sql and the SecurityHotfix.sql scripts, a table variable is declared by using the following statement:

   declare @nomesgs TABLE (tranid sysname, datalen int, data varbinary(8000), commandtype int, insertdate datetime, orderkey bigint, cmdstate bit)

   Although the declaration exceeds the maximum row length of 8060 bytes, SQL Server does create the table, and then issues the following warning:

   Warning: The table '@nomesgs' has been created but its maximum row size (8306) exceeds the number of bytes per row (8060). INSERT or UPDATE of a row in this table will fail if the resulting row length exceeds 8060 bytes.

   This warning is for informational purposes only.

 * If you do not use the February 7th re-release to install the SQL Critical Update, you must apply the hotfix that is described in the following Microsoft Knowledge Base article:

   317748 FIX: Handle leak occurs in SQL Server when service or application repeatedly connects and disconnects with Shared Memory Network Library





MORE INFORMATION
February 7, 2003 Re-release

This re-release of the October 16, 2002 SQL Server 2000 security cumulative package combines the following hotfixes:

 * Fixes described in Microsoft Security Bulletin MS02-61
 * Patch available in Microsoft Knowledge Base article:

   317748 FIX: Handle leak occurs in SQL Server when service or application repeatedly connects and disconnects with Shared Memory Network Library

These hotfixes are combined into the SQL Critical Update. This update helps you install security fixes by using a GUI-based setup program. By using the SQL Critical Update, you can automate the deployment process of security fixes across your whole organization.

Before you attempt to install these files, please read the important installation instructions in the following Microsoft Knowledge Base article:

330391 SQL Server hotfix installer

To obtain the SQL Critical update, please visit the following Microsoft Web site:

http://www.microsoft.com/technet/archive/security/tools/tools/slammerrea.mspx?mfr=true

Release Date: 07-FEB-2003

For additional information on this release, please read the details for the October 16, 2002 release.

October 16, 2002 Release
This release of the SQL Server 2000 security cumulative package contains the following:
 * SQL Server 7.0 and SQL Server 2000 provide stored procedures that are a collection of Transact-SQL statements. These Transact-SQL statements are stored under a name, and the statements are processed as a group. With one of the stored procedures, low privileged users can run, delete, insert or modify Web tasks.

An attacker who can authenticate to SQL Server can delete all the Web tasks created by other users. Also, the attacker can run existing Web tasks in the context of the creator of the Web task or they can potentially insert their own Web tasks. These Web tasks typically run in the context of the SQL Server Agent service account. This patch includes a fix that removes this vulnerability by correcting the permissions on these objects.

These issues are explained in detail in Microsoft Security Bulletin MS02-061:

http://www.microsoft.com/technet/security/bulletin/MS02-061.mspx

Note If you have previously installed the fix discussed in Microsoft Security Bulletin MS02-056, you can install this fix by completing the following actions:

 1. From the <Installation path for this instance of SQL Server>\Binn folder, make a backup copy of the following file: Xpweb70.dll
 2. From the hotfix self-extracting archive, copy this file to the <Installation path for this instance of SQL Server>\Binn folder: Xpweb70.dll
 3. Connect to SQL Server as a member of the system administrator (sa) role or as the sa by using SQL Query Analyzer or the osql utility (Osql.exe), and then run SecurityHotfix.sql.

Note After you apply this hotfix, the ActiveX Data Objects (ADO) recordset is not updateable. This is a known issue. The issue is very specific, and both of the following conditions must be met:

 * You use a view with concatenated columns. For example: SELECT field1, field2 + "," + field3 AS myField from...
 * You use a SELECT statement that has more than one (1) LEFT OUTER JOIN and the LEFT OUTER JOIN includes columns from the view.

The error message that you receive when you try to update the ADO recordset is:

Insufficient key column information for updating

The following files are available for download from the Microsoft Download Center:

English: Download 8.00.0686_enu.exe now

Chinese (Simplified): Download 8.00.0686_chs.exe now

Chinese (Traditional): Download 8.00.0686_cht.exe now

French: Download 8.00.0686_frn.exe now

German: Download 8.00.0686_ger.exe now

Italian: Download 8.00.0686_ita.exe now

Japanese: Download 8.00.0686_jpn.exe now

Korean: Download 8.00.0686_kor.exe now

Spanish: Download 8.00.0686_esn.exe now

Release Date: OCT-16-2002

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to obtain Microsoft support files from online services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

The English version of this fix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

<pre class="fixed_text">
Date          Version                    Size   File name
-----------------------------------------------------------------
08/30/2002                      786,432 bytes   Distmdl.ldf
08/30/2002                    2,359,296 bytes   Distmdl.mdf
12/02/2001                        1,652 bytes   EULA.txt
07/02/2002    2000.80.650.0     107,088 bytes   Impprov.dll
07/19/2002                      774,516 bytes   Instdist.sql
08/20/2002    2000.80.679.0     111,172 bytes   Logread.exe
04/06/2002    2000.80.606.0      62,024 bytes   Odsole70.dll
01/02/2002                       18,185 bytes   Qfe356326.sql
07/09/2002                        3,672 bytes   Qfe360814_dist.sql
08/20/2002    2000.80.679.0     135,748 bytes   Qrdrsvc.exe
08/26/2002    2000.80.679.0     406,088 bytes   Rdistcom.dll
10/10/2002                       15,479 bytes   Readme.txt
10/03/2001                      437,302 bytes   Replcom.sql
08/20/2002    2000.80.679.0     152,136 bytes   Replmerg.exe
11/19/2001                      993,945 bytes   Replmerg.sql
10/03/2001                      986,906 bytes   Replsys.sql
10/03/2001                      881,228 bytes   Repltran.sql
08/26/2002    2000.80.679.0     283,208 bytes   Rinitcom.dll
09/16/2002                      390,045 bytes   SecurityHotfix.sql
07/26/2002    2000.80.664.0      25,152 bytes   Servpriv.exe
08/26/2002    2000.80.679.0      28,672 bytes   Sqlagent.dll
08/26/2002    2000.80.679.0     311,872 bytes   Sqlagent.exe
08/28/2002    2000.80.679.0      49,152 bytes   Sqlagent.rll
08/26/2002    2000.80.679.0      53,824 bytes   Sqlcmdss.dll
08/28/2002    2000.80.679.0      12,288 bytes   Sqlcmdss.rll
08/26/2002    2000.80.679.0   7,467,092 bytes   Sqlservr.exe
08/26/2002                   12,633,088 bytes   Sqlservr.pdb
08/26/2002    2000.80.679.0      82,492 bytes   Ssnetlib.dll
01/04/2002                       18,130 bytes   Uninstall.sql
04/06/2002    2000.80.606.0      70,208 bytes   Xplog70.dll
04/06/2002    2000.80.606.0      53,828 bytes   Xpqueue.dll
04/06/2002    2000.80.606.0     156,228 bytes   Xprepl.dll
07/11/2002    2000.80.658.0     279,104 bytes   Xpstar.dll
09/16/2002    2000.80.686.0      98,872 bytes   Xpweb70.dll
</pre>
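The table above gives the attributes "(or later file attributes)" that each patched file should have. As an added example that is not part of the KB article, the following parses rows in that layout and compares them with a file inventory; the expected rows are copied from the October 16, 2002 table, while the observed inventory, the function names and the one-day date tolerance are assumptions made for the illustration.

```python
import re
from datetime import date, timedelta
from typing import Dict, NamedTuple, Optional, Tuple

# Expected attributes: rows copied from the October 16, 2002 table (subset).
EXPECTED_TEXT = """\
08/26/2002    2000.80.679.0    7,467,092 bytes   Sqlservr.exe
08/26/2002    2000.80.679.0       82,492 bytes   Ssnetlib.dll
07/11/2002    2000.80.658.0      279,104 bytes   Xpstar.dll
09/16/2002    2000.80.686.0       98,872 bytes   Xpweb70.dll
09/16/2002                       390,045 bytes   SecurityHotfix.sql
"""

# Constructed inventory of one server, written in the same layout.
# Xpstar.dll is deliberately absent; two binaries carry pre-patch versions.
OBSERVED_TEXT = """\
08/26/2002    2000.80.679.0    7,467,092 bytes   Sqlservr.exe
06/03/2002    2000.80.636.0       82,492 bytes   Ssnetlib.dll
04/06/2002    2000.80.606.0       98,872 bytes   Xpweb70.dll
09/15/2002                       390,045 bytes   SecurityHotfix.sql
"""


class Entry(NamedTuple):
    version: Optional[Tuple[int, ...]]  # None for files without a version resource
    modified: date
    size: int


# Date, optional four-part version, size in bytes, file name.
ROW = re.compile(
    r"^(\d{2})/(\d{2})/(\d{4})\s+"
    r"(?:(\d+(?:\.\d+){3})\s+)?"
    r"([\d,]+) bytes\s+(\S+)$"
)

# The table is in UTC but file properties are shown in local time, so a file
# date can legitimately differ by one calendar day.
UTC_SLACK = timedelta(days=1)


def parse_manifest(text: str) -> Dict[str, Entry]:
    """Parse table rows into {lower-cased file name: Entry}."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ROW.match(line)
        if match is None:
            raise ValueError(f"unrecognised manifest row: {raw!r}")
        month, day, year, version, size, name = match.groups()
        entries[name.lower()] = Entry(
            version=tuple(int(p) for p in version.split(".")) if version else None,
            modified=date(int(year), int(month), int(day)),
            size=int(size.replace(",", "")),
        )
    return entries


def audit(expected: Dict[str, Entry], observed: Dict[str, Entry]) -> Dict[str, str]:
    """Classify each expected file as 'ok', 'older' or 'missing'."""
    report: Dict[str, str] = {}
    for name, want in expected.items():
        have = observed.get(name)
        if have is None:
            report[name] = "missing"
        elif want.version is not None:
            # Versioned binaries: the same or a later file version passes.
            current = have.version is not None and have.version >= want.version
            report[name] = "ok" if current else "older"
        else:
            # Scripts and other unversioned files: fall back to the date.
            current = have.modified + UTC_SLACK >= want.modified
            report[name] = "ok" if current else "older"
    return report


if __name__ == "__main__":
    result = audit(parse_manifest(EXPECTED_TEXT), parse_manifest(OBSERVED_TEXT))
    for file_name, status in sorted(result.items()):
        print(f"{status:8} {file_name}")
```

On a real server the observed rows would come from the file properties in the Binn and COM folders rather than from a literal string.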

October 2, 2002 Release
This release of the SQL Server 2000 security cumulative package contains the following:

 * A revocation of support for clients that send SQL Server version 7.0, or later, tabular data streams (TDS) in big-endian format.

   Note Microsoft does not know of a commercially available product that sends TDS 7.0, or later, data streams to SQL Server in big-endian format.

 * A revocation of public access on an extended stored procedure.
 * A fix for the escalation of privileges vulnerability on certain stored procedures.
 * A fix for an unchecked buffer in SQL Server 2000 Database Console Commands (DBCCs).
 * A fix related to the checking of a registry key that determines access to OLE DB providers through the OPENROWSET or the OPENDATASOURCE function.

   Potential backward-compatibility issues with this fix are explained in the following Microsoft Knowledge Base article:

   328569 FIX: Ad hoc access incorrectly permitted if DisallowAdhocAccess registry key is missing

These issues are explained in detail in Microsoft Security Bulletin MS02-056:

http://www.microsoft.com/technet/security/bulletin/MS02-056.mspx

Note After you apply this hotfix, an ActiveX Data Objects (ADO) recordset is not updateable. This is a known issue. The issue is very specific, and both of the following conditions must be met:

 * You use a view with concatenated columns. For example: SELECT field1, field2 + "," + field3 AS myField from...
 * You use a SELECT statement that has more than one (1) LEFT OUTER JOIN and the LEFT OUTER JOIN includes columns from the view.

The error message that you receive when you try to update the ADO recordset is:

Insufficient key column information for updating

The following files are available for download from the Microsoft Download Center:

English: Download 8.00.0679_enu.exe now

Chinese (Simplified): Download 8.00.0679_chs.exe now

Chinese (Traditional): Download 8.00.0679_cht.exe now

French: Download 8.00.0679_frn.exe now

German: Download 8.00.0679_ger.exe now

Italian: Download 8.00.0679_ita.exe now

Japanese: Download 8.00.0679_jpn.exe now

Korean: Download 8.00.0679_kor.exe now

Spanish: Download 8.00.0679_esn.exe now

Release Date: OCT-2-2002


The English version of this fix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

<pre class="fixed_text">
Date          Version                    Size   File name
-----------------------------------------------------------------
08/30/2002                      786,432 bytes   Distmdl.ldf
08/30/2002                    2,359,296 bytes   Distmdl.mdf
07/02/2002                        1,652 bytes   EULA.txt
07/02/2002    2000.80.650.0     107,088 bytes   Impprov.dll
07/19/2002                      772,825 bytes   Instdist.sql
08/20/2002    2000.80.679.0     111,172 bytes   Logread.exe
04/06/2002    2000.80.606.0      62,024 bytes   Odsole70.dll
01/02/2002                       18,185 bytes   Qfe356326.sql
07/09/2002                        3,672 bytes   Qfe360814_dist.sql
08/20/2002    2000.80.679.0     135,748 bytes   Qrdrsvc.exe
08/26/2002                      406,088 bytes   Rdistcom.dll
09/11/2002                       15,481 bytes   Readme.txt
10/03/2001                      437,302 bytes   Replcom.sql
08/20/2002                      152,136 bytes   Replmerg.exe
11/19/2001                      993,945 bytes   Replmerg.sql
10/03/2001                      986,906 bytes   Replsys.sql
10/03/2001                      881,228 bytes   Repltran.sql
08/26/2002                      283,208 bytes   Rinitcom.dll
08/29/2002                      389,520 bytes   SecurityHotfix.sql
07/26/2002                       25,152 bytes   Servpriv.exe
08/26/2002                       28,672 bytes   Sqlagent.dll
08/26/2002                      311,872 bytes   Sqlagent.exe
08/28/2002                       49,152 bytes   Sqlagent.rll
08/26/2002                       53,824 bytes   Sqlcmdss.dll
08/28/2002                       12,288 bytes   Sqlcmdss.rll
08/26/2002    2000.80.679.0   7,467,092 bytes   Sqlservr.exe
08/26/2002                   12,633,088 bytes   Sqlservr.pdb
08/26/2002    2000.80.679.0      82,492 bytes   Ssnetlib.dll
01/04/2002                       18,130 bytes   Uninstall.sql
04/06/2002    2000.80.606.0      70,208 bytes   Xplog70.dll
04/06/2002    2000.80.606.0      53,828 bytes   Xpqueue.dll
04/06/2002                      156,228 bytes   Xprepl.dll
07/11/2002                      279,104 bytes   Xpstar.dll
04/06/2002                       98,872 bytes   Xpweb70.dll
</pre>

Note If you are installing this hotfix on a computer that has Microsoft SQL Server 2000 Enterprise Edition with clustering enabled, follow these steps:

 1. Install Microsoft SQL Server 2000 Service Pack 2. Do not continue with the installation until you successfully install SQL Server 2000 Service Pack 2.
 2. Move to a node of the cluster where an instance of SQL Server is currently not running.
 3. Make a backup copy of these files:

<pre class="fixed_text">
File name       File location
-----------------------------------------------------------------
Impprov.dll     <%ProgramFiles%>\Microsoft SQL Server\80\COM folder
Instdist.sql    <Installation path for this instance of SQL Server>\Install folder
Odsole70.dll    <Installation path for this instance of SQL Server>\Binn folder
Logread.exe     <%ProgramFiles%>\Microsoft SQL Server\80\COM folder
Qrdrsvc.exe     <%ProgramFiles%>\Microsoft SQL Server\80\COM folder
Rdistcom.dll    <%ProgramFiles%>\Microsoft SQL Server\80\COM folder
Replcom.sql     <Installation path for this instance of SQL Server>\Install folder
Replmerg.exe    <%ProgramFiles%>\Microsoft SQL Server\80\COM folder
Replmerg.sql    <Installation path for this instance of SQL Server>\Install folder
Replsys.sql     <Installation path for this instance of SQL Server>\Install folder
Repltran.sql    <Installation path for this instance of SQL Server>\Install folder
Rinitcom.dll    <%ProgramFiles%>\Microsoft SQL Server\80\COM folder
Sqlagent.dll    <Installation path for this instance of SQL Server>\Binn folder
Sqlagent.exe    <Installation path for this instance of SQL Server>\Binn folder
Sqlagent.rll    <Installation path for this instance of SQL Server>\Binn\Resources\<Language ID> folder
Sqlcmdss.dll    <Installation path for this instance of SQL Server>\Binn folder
Sqlcmdss.rll    <Installation path for this instance of SQL Server>\Binn\Resources\<Language ID> folder
Sqlservr.exe    <Installation path for this instance of SQL Server>\Binn folder
Sqlservr.pdb    <Installation path for this instance of SQL Server>\Binn\Exe folder
Ssnetlib.dll    <Installation path for this instance of SQL Server>\Binn folder
Xpqueue.dll     <Installation path for this instance of SQL Server>\Binn folder
Xprepl.dll      <Installation path for this instance of SQL Server>\Binn folder
Xpweb70.dll     <Installation path for this instance of SQL Server>\Binn folder
Xplog70.dll     <Installation path for this instance of SQL Server>\Binn folder
Xpstar.dll      <Installation path for this instance of SQL Server>\Binn folder
</pre>

 4. Copy the files in the following lists:
    a. From the hotfix self-extracting archive, copy these files to the <Installation path for this instance of SQL Server>\Binn folder:
       * Odsole70.dll
       * Sqlagent.dll
       * Sqlagent.exe
       * Sqlcmdss.dll
       * Sqlservr.exe
       * Ssnetlib.dll
       * Xpqueue.dll
       * Xprepl.dll
       * Xpstar.dll
       * Xpweb70.dll
       * Xplog70.dll
    b. From the hotfix self-extracting archive, copy this file to the <Installation path for this instance of SQL Server>\Binn\Exe folder:
       * Sqlservr.pdb
    c. From the hotfix self-extracting archive, copy these files to the <%ProgramFiles%>\Microsoft SQL Server\80\COM folder:
       * Impprov.dll
       * Rdistcom.dll
       * Replmerg.exe
       * Rinitcom.dll
       * Logread.exe
       * Qrdrsvc.exe
    d. From the hotfix self-extracting archive, copy these files to the <Installation path for this instance of SQL Server>\Install folder:
       * Instdist.sql
       * Replcom.sql
       * Replmerg.sql
       * Replsys.sql
       * Repltran.sql
    e. From the hotfix self-extracting archive, copy these files to the <Installation path for this instance of SQL Server>\Binn\Resources\<Language ID> folder:
       * Sqlagent.rll
       * Sqlcmdss.rll
 5. Run the Servpriv.exe tool from the command prompt. To set the appropriate user rights on the corresponding service registry keys, specify an instance of SQL Server 2000 when you run Servpriv.exe. For more information about Servpriv.exe, see the "Information About Servpriv.exe" section that is located at the end of the Readme.txt file for the hotfix.
 6. Failover the instance of SQL Server to the node in which you installed the new binaries.
 7. Repeat steps 3 through 5 on the remaining nodes in the cluster.
 8. Connect to SQL Server as a member of the system administrator (sa) role or as the sa by using SQL Query Analyzer or the osql utility (Osql.exe), and then run Qfe356326.sql and SecurityHotfix.sql.
 9. If this server is used with replication, and if you have distribution databases, connect as a member of the system administrator (sa) role or as the sa by using SQL Query Analyzer or the osql utility (Osql.exe). Switch to the context of each distribution database in turn, and then run Qfe360814_dist.sql.
 10. Move to the node of the cluster where the instance of SQL Server is currently running, and then follow these steps:
    a. Make a backup copy of these files from the <Data path for this instance of SQL Server>\Data folder:
       * Distmdl.ldf
       * Distmdl.mdf
    b. From the hotfix self-extracting archive, copy these files to the <Data path for this instance of SQL Server>\Data folder:
       * Distmdl.ldf
       * Distmdl.mdf

Note The standard hotfix installation steps are in the Readme.txt file that is included with the hotfix.

August 14, 2002 Release
This release of the SQL Server 2000 security cumulative package contains the following:

 * A fix for the escalation of privileges vulnerability by setting permissions on the extended stored procedures in question so that only administrators can invoke them.
 * These updates to Servpriv.exe:
   * The ability to run in an unattended mode.
   * The ability to detect the correct service pack for Microsoft Data Engine (MSDE) so that Servpriv.exe will run.
 * The fixes described in Microsoft Security Bulletin MS02-039:

   http://www.microsoft.com/technet/security/bulletin/MS02-039.mspx

These issues are explained in detail in Microsoft Security Bulletin MS02-043:

http://www.microsoft.com/technet/security/bulletin/MS02-043.mspx

The following files are available for download from the Microsoft Download Center:

Note Before you apply the fix, read the Readme.txt file that is in the package.

English: Download 8.00.0667_enu.exe now

Chinese (Simplified): Download 8.00.0667_chs.exe now

Chinese (Traditional): Download 8.00.0667_cht.exe now

French: Download 8.00.0667_frn.exe now

German: Download 8.00.0667_ger.exe now

Italian: Download 8.00.0667_ita.exe now

Japanese: Download 8.00.0667_jpn.exe now

Korean: Download 8.00.0667_kor.exe now

Spanish: Download 8.00.0667_esn.exe now

Release Date: AUG-14-2002


The English version of this fix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

<pre class="fixed_text">
Date          Version                    Size   File name
-----------------------------------------------------------------
11/19/2001                      786,432 bytes   Distmdl.ldf
11/19/2001                    2,359,296 bytes   Distmdl.mdf
12/02/2001                        1,652 bytes   EULA.txt
07/02/2002    2000.80.650.0     107,088 bytes   Impprov.dll
11/11/2001                      772,825 bytes   Instdist.sql
04/06/2002    2000.80.606.0      62,024 bytes   Odsole70.dll
01/02/2002                       18,185 bytes   Qfe356326.sql
07/09/2002                        3,672 bytes   Qfe360814_dist.sql
08/08/2002                       12,804 bytes   Readme.txt
10/03/2001                      437,302 bytes   Replcom.sql
11/19/2001                      993,945 bytes   Replmerg.sql
10/03/2001                      986,906 bytes   Replsys.sql
10/03/2001                      881,228 bytes   Repltran.sql
07/24/2002                       99,461 bytes   SecurityHotfix.sql
07/26/2002    2000.80.664.0      25,152 bytes   Servpriv.exe
07/29/2002    2000.80.665.0   7,462,996 bytes   Sqlservr.exe
07/29/2002                   12,633,088 bytes   Sqlservr.pdb
06/03/2002    2000.80.636.0      82,492 bytes   Ssnetlib.dll
01/04/2002                       18,130 bytes   Uninstall.sql
04/06/2002    2000.80.606.0      70,208 bytes   Xplog70.dll
04/06/2002    2000.80.606.0      53,828 bytes   Xpqueue.dll
04/06/2002    2000.80.606.0     156,228 bytes   Xprepl.dll
07/11/2002    2000.80.658.0     279,104 bytes   Xpstar.dll
04/06/2002    2000.80.606.0      98,872 bytes   Xpweb70.dll
</pre>

Note This security hotfix contains some older files that were included with the Service Pack. These files are required if you have to rebuild the master database or the distribution database. The fixes to resolve the security issues are still included in this hotfix. After you rebuild the master or the distribution databases, you must reapply this security QFE.

If you applied security patch 665, the following files, which are contained in this 667 hotfix, will be newer than the ones you have on your server:

<pre class="fixed_text">
Date                    Size   File name
------------------------------------------------
11/19/2001     786,432 bytes   Distmdl.ldf
11/19/2001   2,359,296 bytes   Distmdl.mdf
11/11/2001     772,825 bytes   Instdist.sql
10/03/2001     437,302 bytes   Replcom.sql
11/19/2001     993,945 bytes   Replmerg.sql
10/03/2001     986,906 bytes   Replsys.sql
10/03/2001     881,228 bytes   Repltran.sql
</pre>

These files from hotfix 665 are dated 07/09/2002. If you apply the 667 hotfix and you receive a message that newer files are being overwritten, click Yes.

July 24, 2002 Release
This release of the SQL Server 2000 security cumulative package contains the following fixes:
 * Unchecked Buffer in SQL Server 2000 Database Console Command (DBCCs).
 * SQL Injection that occurs in two stored procedures used in replication.

These issues are explained in detail in Microsoft Security Bulletin MS02-038:

http://www.microsoft.com/technet/security/bulletin/MS02-038.mspx

The following files are available for download from the Microsoft Download Center:

Note Before you apply the fix, read the Readme.txt file that is in the package.

English: Download 8.00.0655_enu.exe now

Chinese (Simplified): Download 8.00.0655_chs.exe now

Chinese (Traditional): Download 8.00.0655_cht.exe now

French: Download 8.00.0655_frn.exe now

German: Download 8.00.0655_ger.exe now

Italian: Download 8.00.0655_ita.exe now

Japanese: Download 8.00.0655_jpn.exe now

Korean: Download 8.00.0655_kor.exe now

Spanish: Download 8.00.0655_esn.exe now

Release Date: JUL-24-2002


The English version of this fix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

<pre class="fixed_text">
Date        Time   Version                    Size   File name
----------------------------------------------------------------------
07/09/2002  14:35                    786,432 bytes   Distmdl.ldf
07/09/2002  14:35                  2,359,296 bytes   Distmdl.mdf
12/02/2001  21:14                      1,652 bytes   EULA.txt
07/02/2002  08:35  2000.80.650.0     107,088 bytes   Impprov.dll
07/09/2002  13:33                    773,140 bytes   Instdist.sql
04/06/2002  19:08  2000.80.606.0      62,024 bytes   Odsole70.dll
01/02/2002  18:59                     18,185 bytes   Qfe356326.sql
07/09/2002  13:33                      3,672 bytes   Qfe360814_dist.sql
07/10/2002  17:32                     12,074 bytes   Readme.txt
07/09/2002  13:33                    438,669 bytes   Replcom.sql
07/09/2002  13:41                    994,124 bytes   Replmerg.sql
07/09/2002  13:33                    992,924 bytes   Replsys.sql
07/09/2002  11:50                     98,300 bytes   SecurityHotfix.sql
06/13/2002  08:33                     25,152 bytes   Servpriv.exe
07/03/2002  18:45  2000.80.655.0   7,458,897 bytes   Sqlservr.exe
07/03/2002  18:45                 12,624,896 bytes   Sqlservr.pdb
01/04/2002  17:12                     18,130 bytes   Uninstall.sql
04/06/2002  19:08  2000.80.606.0      70,208 bytes   Xplog70.dll
04/06/2002  19:08  2000.80.606.0      53,828 bytes   Xpqueue.dll
04/06/2002  19:08  2000.80.606.0     156,228 bytes   Xprepl.dll
07/11/2002  18:00  2000.80.658.0     279,104 bytes   Xpstar.dll
04/06/2002  19:08  2000.80.606.0      98,872 bytes   Xpweb70.dll
</pre>

July 10, 2002 Release
This release of the SQL Server 2000 security cumulative package contains the following fixes:

322853 FIX: SQL Server grants unnecessary permissions or an encryption function contains unchecked buffers

For more information about this vulnerability, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/bulletin/ms02-034.mspx

The following files are available for download from the Microsoft Download Center:

English: Download 8.00.0650_enu.exe now

Chinese (Simplified): Download 8.00.0650_chs.exe now

Chinese (Traditional): Download 8.00.0650_cht.exe now

French: Download 8.00.0650_frn.exe now

German: Download 8.00.0650_ger.exe now

Italian: Download 8.00.0650_ita.exe now

Japanese: Download 8.00.0650_jpn.exe now

Korean: Download 8.00.0650_kor.exe now

Spanish: Download 8.00.0650_esn.exe now

Release Date: JUL-10-2002


The English version of this fix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

<pre class="fixed_text">
Date         Time   Version              Size         File name
02-Dec-2001  21:14                      1,652 bytes   EULA.txt
02-Jul-2002  08:35  2000.80.650.0     107,088 bytes   Impprov.dll
06-Apr-2002  19:08  2000.80.606.0      62,024 bytes   Odsole70.dll
02-Jan-2002  18:59                     18,185 bytes   Qfe356326.sql
17-Jun-2002  10:31                        857 bytes   qfe356938.sql
10-Jul-2002  17:21                      9,594 bytes   Readme.txt
13-Jun-2002  08:33                     25,152 bytes   Servpriv.exe
28-Jun-2002  09:52                  7,454,801 bytes   Sqlservr.exe
28-Jun-2002  09:52                 12,616,704 bytes   Sqlservr.pdb
04-Jan-2002  17:12                     18,130 bytes   Uninstall.sql
06-Apr-2002  19:08  2000.80.606.0      70,208 bytes   Xplog70.dll
06-Apr-2002  19:08  2000.80.606.0      53,828 bytes   Xpqueue.dll
06-Apr-2002  19:08  2000.80.606.0     156,228 bytes   Xprepl.dll
14-May-2002  20:41  2000.80.628.0     279,104 bytes   Xpstar.dll
06-Apr-2002  19:08  2000.80.606.0      98,872 bytes   Xpweb70.dll
</pre>

April 17, 2002 Release
This release of the SQL Server 2000 security cumulative package contains the following fix:

319507 FIX: SQL extended procedure functions contain unchecked buffers

For more information about this vulnerability, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/bulletin/MS02-020.mspx

The following files are available for download from the Microsoft Download Center:

English: Download 8.00.0608_SQL2K_sp2_x86_enu.exe now

Chinese (Simplified): Download 8.00.0608_SQL2K_sp2_x86_chs.exe now

Chinese (Traditional): Download 8.00.0608_SQL2K_sp2_x86_cht.exe now

French: Download 8.00.0608_SQL2K_sp2_x86_frn.exe now

German: Download 8.00.0608_SQL2K_sp2_x86_ger.exe now

Italian: Download 8.00.0608_SQL2K_sp2_x86_ita.exe now

Japanese: Download 8.00.0608_SQL2K_sp2_x86_jpn.exe now

Korean: Download 8.00.0608_SQL2K_sp2_x86_kor.exe now

Spanish: Download 8.00.0608_SQL2K_sp2_x86_esn.exe now

Release Date: APR-17-2002

The English version of this fix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

<pre class="fixed_text">
Date         Time   Version              Size  File name
07-Apr-2002  02:08  2000.80.606.0      62,024  Odsole70.dll
03-Jan-2002  01:59                     18,185  Qfe356326.sql
06-Apr-2002  00:20                        524  Qfe356938.sql
10-Apr-2002  22:32  2000.80.608.0   7,454,801  Sqlservr.exe
05-Jan-2002  00:12                     18,130  Uninstall.sql
07-Apr-2002  02:08  2000.80.606.0      70,208  Xplog70.dll
07-Apr-2002  02:08  2000.80.606.0      53,828  Xpqueue.dll
07-Apr-2002  02:08  2000.80.606.0     156,228  Xprepl.dll
11-Apr-2002  00:14  2000.80.608.0     279,104  Xpstar.dll
07-Apr-2002  02:08  2000.80.606.0      98,872  Xpweb70.dll
</pre>

For additional information about a separate cumulative security patch for SQL Server 7.0, click the following article numbers to view the articles in the Microsoft Knowledge Base:

327068 SQL Server 7.0 Security Update for Service Pack 4

318268 SQL Server 7.0 Security Update for Service Pack 3
