Microsoft KB Archive/299717

= FIX: Query Method Used to Access Data May Allow Rights that the Login Might Not Normally Have =

Article ID: 299717

Article Last Modified on 8/9/2004

-

APPLIES TO


 * Microsoft SQL Server 2000 Standard Edition
 * Microsoft SQL Server 7.0 Standard Edition

-



This article was previously published under Q299717



BUG #: 101692 (SQLBUG_70)

BUG #: 354039 (SHILOH_BUGS)



SYMPTOMS
Logins that use the SQL Server Authentication (Standard) security mode with a particular query method used to access data from an OLE-DB data source may allow rights that the login might not normally have.



SQL Server 2000
To resolve this problem, obtain the latest service pack for SQL Server 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

290211 INF: How to Obtain the Latest SQL Server 2000 Service Pack

If you are running SQL Server 2000 without any Service Packs, the individual hotfix is available from the Microsoft Download Center:

Download SQL Server 2000 patch (s80296i.exe) now

The s80296i.exe file contains the following files:   File name      Size         Date -  Sqlservr.exe   7,458,877    5/22/2001 Sqlservr.pdb  12,510,208   5/22/2001 Readme.txt    4,205        5/22/2001 Release Date: MAY-25-2001

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How To Obtain Microsoft Support Files from Online Services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.

SQL Server 7.0
To resolve this problem, obtain the latest service pack for Microsoft SQL Server 7.0. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

301511 INF: How to Obtain the Latest SQL Server 7.0 Service Pack

NOTE: The following hotfix was created prior to Microsoft SQL Server 7.0 Service Pack 4.

A supported fix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Apply it only to computers that you determine are at risk of attack. Evaluate your computer's physical accessibility, network and Internet connectivity, and other factors to determine the degree of risk to your computer. See the associated Microsoft Security Bulletin to help determine the degree of risk. This fix may receive additional testing. If your computer is sufficiently at risk, Microsoft recommends that you apply this fix now. Otherwise, wait for the next SQL Server 7.0 service pack that contains this fix.

To resolve this problem immediately, download the fix by following the instructions later in this article or contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information about support costs, visit the following Microsoft Web site:

http://support.microsoft.com/default.aspx?scid=fh;EN-US;CNTACTMS

NOTE: In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The usual support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

The following files are available for download from the Microsoft Download Center:

Intel (x86): Download Intel SQL Server 7.0 patch (s70996i.exe) now

Alpha: Download Alpha SQL Server 7.0 patch (s70996a.exe) now

The s70996i.exe (Intel x86) file contains the following files:   File name      Size        Date Sqlservr.exe  5,054,736   5/23/2001 Sqlservr.dbg  4,359,392   5/23/2001 Sqlservr.pdb  3,580,928   5/23/2001 Sqlsort.dll   586,000     1/14/2001 Readme.txt    4,890       5/23/2001 The s70996a.exe (Alpha) file contains the following files:   File name      Size        Date Sqlservr.exe  11,664,656  5/23/2001 Sqlservr.dbg  13,463,184  5/23/2001 Sqlservr.pdb  5,686,272   5/23/2001 Sqlsort.dll   593,169     1/14/2001 Readme.txt    4,874       5/31/2001

Release Date: MAY-25-2001

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How To Obtain Microsoft Support Files from Online Services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.



WORKAROUND
This workaround should only be used if you cannot upgrade to SQL Server 7.0 Service Pack 3 and are using versions prior to that. For additional information on SP3, click the article number below to view the article in the Microsoft Knowledge Base:

274799 INF: How to Obtain Service Pack 3 for Microsoft SQL Server 7.0

If you are not using replication or do not use or intend to use ad hoc named queries, then you can use the Enterprise Manager (as outlined in the steps that follow) to set an option that nullifies this issue:
 * 1) In Enterprise Manager, click the Security tab under the SQL Server instance.
 * 2) Right-click the Linked Servers to open the General properties tab.
 * 3) Click Provider Options.
 * 4) Select the Disallow Ad Hoc Queries check box.

The preceding steps effectively remove the ability to perform adhoc named queries.



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

SQL Server 2000

This problem was first corrected in SQL Server 2000 Service Pack 1.

SQL Server 7.0

This problem was first corrected in Microsoft SQL Server 7.0 Service Pack 4.



MORE INFORMATION
For more information about this vulnerability, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/bulletin/MS01-032.mspx

Steps to Install the Fix
To install the fix, use these steps:
 * 1) Download the appropriate Microsoft SQL Server fix (s70996i.exe for SQL Server 7.0 running on Intel x86 servers, s70996a.exe for SQL Server 7.0 running on Alpha servers and s80296i.exe for SQL Server 2000) by clicking the link to the file shown in the &quot;Resolution&quot; section.
 * 2) Extract the fix in the downloaded file by running the self-extracting executable file from a Intel based processor computer.
 * 3) Follow the instructions in the Readme.txt file that is included with the downloaded file.

Additional query words: security_patch

Keywords: kbdownload kbbug kbfix kbsqlserv2000sp1fix KB299717

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.