Microsoft KB Archive/316333

Article ID: 316333

Article Last Modified on 4/19/2007



APPLIES TO

  • Microsoft SQL Server 2000 Service Pack 2
  • Microsoft SQL Server 2000 Desktop Engine



This article was previously published under Q316333

This article discusses a security or privacy issue that may affect the operation of your computer. The information in this article is provided "as-is" without warranty of any kind. The workaround or hotfix that is described in this article describes the issue as it is currently understood, but may not protect against any undiscovered variants of this issue. Microsoft recommends that you apply this cumulative patch or implement the workarounds if one is provided.

We recommend that you run the latest supported service pack. For more information about how to obtain the latest SQL Server 2000 service pack, click the following article number to view the article in the Microsoft Knowledge Base:

290211 How to obtain the latest SQL Server 2000 service pack


For more information about supported service packs for SQL Server, see the following Microsoft web site:

SUMMARY

Microsoft distributes SQL Server 2000 security fixes as one downloadable file. Because the security fixes are cumulative, each new release contains all the hotfixes and all the security fixes that were included with the previous SQL Server 2000 security fix release. You do not have to install a previous patch before you install the latest one. This Microsoft Knowledge Base article contains a list of all the security fixes that are available for SQL Server 2000 Service Pack 2 (SP2).

These fixes also include any security fixes released for Service Pack 1. For more information about Service Pack 1, see the following article in the Microsoft Knowledge Base:

316426 SQL Server 2000 Security Update for Service Pack 1



Note This cumulative package does not contain the security fixes that are in Microsoft Data Access Components (MDAC) and Analysis Services.

Important: Before you apply the patch, you must install SQL Server 2000 Service Pack 2 (SP2):

For additional information about the W32.Slammer worm, visit the following Microsoft web site:

Resolution

All of the fixes listed in this article are included in SQL Server 2000 Service Pack 3. For information about SQL Server 2000 Service Pack 3, click the following article number to view the article in the Microsoft Knowledge Base:

290211 How to obtain the latest SQL Server 2000 service pack



How to Identify Your SQL Server Service Pack Version and Edition

Use the information in the following Microsoft Knowledge Base article to determine what version of SQL Server you are running:

321185 How to identify your SQL Server service pack version and edition



After you apply this hotfix, when you run

SELECT serverproperty('productversion')

-or-

SELECT @@Version 

your version of SQL Server must correspond with the installed release.

Here is a list of recent release dates with their corresponding versions:

   Release date                                              Version
   ------------------------------------------------------------------
   February 7, 2003 (re-release with SQL Critical Update)    8.00.679
   October 16, 2002                                          8.00.679
   October 2, 2002                                           8.00.679
   August 14, 2002                                           8.00.665
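
The release list above can be applied to version strings collected from many instances. The following is an added example, not part of the original article or of any Microsoft tool: the names classify and below_current and the sample inputs are assumptions made for illustration, and the build thresholds are the Sqlservr.exe versions shown in this article's release list and file tables.

```python
import re
from typing import NamedTuple, Optional

# Sqlservr.exe build -> release, taken from this article's release list and
# file tables (2000.80.655.0, 2000.80.665.0, 2000.80.679.0). Highest first.
RELEASES = [
    (679, "October 2, 2002"),
    (665, "August 14, 2002"),
    (655, "July 24, 2002"),
]

# Matches "8.00.679", the zero-padded package form "8.00.0679", and the
# version number embedded in an @@VERSION banner.
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)")


class Status(NamedTuple):
    build: Optional[int]
    release: Optional[str]  # newest release in this article that the build reaches
    check_xpweb70: bool     # True when the build alone cannot confirm the October 16 fix
    note: str


def classify(version_text: str) -> Status:
    """Map SERVERPROPERTY('productversion') or @@VERSION output to a release."""
    m = VERSION_RE.search(version_text)
    if m is None:
        return Status(None, None, False, "no version number found")
    major, minor, build = (int(g) for g in m.groups())
    if (major, minor) != (8, 0):
        return Status(build, None, False, "not SQL Server 2000 (8.00.x)")
    for threshold, release in RELEASES:
        if build < threshold:
            continue
        if build == 679:
            # October 2, October 16 and February 7 all report 8.00.679; the
            # October 16 package differs in Xpweb70.dll (2000.80.686.0) and
            # SecurityHotfix.sql, so the file has to be checked separately.
            return Status(build, release, True,
                          "8.00.679: confirm Xpweb70.dll is 2000.80.686.0")
        if threshold == 679:
            return Status(build, release, False, "newer than 8.00.679")
        return Status(build, release, False,
                      "older than 8.00.679: apply the current cumulative package")
    return Status(build, None, False, "below the July 24, 2002 build (8.00.655)")


def below_current(reported: dict) -> list:
    """Names of instances whose reported version is below 8.00.679 or unreadable."""
    return sorted(name for name, text in reported.items()
                  if classify(text).release != RELEASES[0][1])


# Constructed sample input: instance name -> text returned by the queries above.
SAMPLE = {
    "SQLA": "8.00.679",
    "SQLB": "Microsoft SQL Server  2000 - 8.00.665 (Intel X86) ",
    "SQLC": "8.00.0655",
    "SQLD": "8.00.534",
}

if __name__ == "__main__":
    for name, text in sorted(SAMPLE.items()):
        print(name, classify(text))
    print("below 8.00.679:", below_current(SAMPLE))
```

Because three releases report the same 8.00.679, a matching version number shows only that Sqlservr.exe was replaced, not that the scripts and the other files in the package were applied.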


Note: Here is a list of important notes that are related to these security fixes:

  • If you are running Microsoft Windows NT Server 4.0 Service Pack 6a, you must apply the hotfix that is described in the following Microsoft Knowledge Base article:

    258437 FIX: GetEffectiveRightsFromAcl() fails in Service Pack 6

  • If you rebuild the master database, you must reapply the script files (*.sql), as described in the Readme.txt file.
  • In the Repltran.sql and the SecurityHotfix.sql scripts, a table variable is declared by using the following statement:

    declare @nomesgs TABLE (tranid sysname, datalen int, data varbinary(8000), commandtype int, insertdate datetime, orderkey bigint, cmdstate bit)

    Although the declaration exceeds the maximum row length of 8060 bytes, SQL Server does create the table, and then issues the following warning:

    Warning: The table '@nomesgs' has been created but its maximum row size (8306) exceeds the number of bytes per row (8060). INSERT or UPDATE of a row in this table will fail if the resulting row length exceeds 8060 bytes.

    This warning is for informational purposes only.

  • If you do not use the February 7th re-release to install the SQL Critical Update, you must apply the hotfix that is described in the following Microsoft Knowledge Base article:

    317748 FIX: Handle leak occurs in SQL Server when service or application repeatedly connects and disconnects with Shared Memory Network Library


MORE INFORMATION

February 7, 2003 Re-release

This re-release of the October 16, 2002 SQL Server 2000 security cumulative package combines the following hotfixes:

  • Fixes described in Microsoft Security Bulletin MS02-61
  • The patch that is available in the following Microsoft Knowledge Base article:

    317748 FIX: Handle leak occurs in SQL Server when service or application repeatedly connects and disconnects with Shared Memory Network Library

These hotfixes are combined into the SQL Critical Update. This update helps you install security fixes by using a GUI-based setup program. By using the SQL Critical Update, you can automate the deployment of security fixes across your whole organization.

Before you attempt to install these files, please read the important installation instructions in the following Microsoft Knowledge Base article:

330391 SQL Server hotfix installer


To obtain the SQL Critical update, please visit the following Microsoft Web site:

Release Date: 07-FEB-2003

For additional information on this release, please read the details for the October 16, 2002 release.

October 16, 2002 Release

This release of the SQL Server 2000 security cumulative package contains the following:

  • SQL Server 7.0 and SQL Server 2000 provide stored procedures that are a collection of Transact-SQL statements. These Transact-SQL statements are stored under a name, and the statements are processed as a group. With one of the stored procedures, low privileged users can run, delete, insert or modify Web tasks.


An attacker who can authenticate to SQL Server can delete all the Web tasks created by other users. Also, the attacker can run existing Web tasks in the context of the creator of the Web task or they can potentially insert their own Web tasks. These Web tasks typically run in the context of the SQL Server Agent service account. This patch includes a fix that removes this vulnerability by correcting the permissions on these objects.

These issues are explained in detail in Microsoft Security Bulletin MS02-061:

Note If you have previously installed the fix discussed in Microsoft Security Bulletin MS02-056, you can install this fix by completing the following actions:

  1. From the <Installation path for this instance of SQL Server>\Binn folder, make a backup copy of the following file:

    Xpweb70.dll

  2. From the hotfix self-extracting archive, copy this file to the <Installation path for this instance of SQL Server>\Binn folder:

    Xpweb70.dll

  3. Connect to SQL Server as a member of the system administrator (sa) role or as the sa by using SQL Query Analyzer or the osql utility (Osql.exe), and then run SecurityHotfix.sql.

Note After you apply this hotfix, the ActiveX Data Objects (ADO) recordset is not updateable. This is a known issue. The issue is very specific, and both of the following conditions must be met:

  • You use a view with concatenated columns. For example:

    SELECT field1, field2 + "," + field3 AS myField from...
  • You use a SELECT statement that has more than one (1) LEFT OUTER JOIN and the LEFT OUTER JOIN includes columns from the view.

The error message that you receive when you try to update the ADO recordset is:

Insufficient key column information for updating

The following files are available for download from the Microsoft Download Center:

  • English: Download 8.00.0686_enu.exe now
  • Chinese (Simplified): Download 8.00.0686_chs.exe now
  • Chinese (Traditional): Download 8.00.0686_cht.exe now
  • French: Download 8.00.0686_frn.exe now
  • German: Download 8.00.0686_ger.exe now
  • Italian: Download 8.00.0686_ita.exe now
  • Japanese: Download 8.00.0686_jpn.exe now (http://download.microsoft.com/download/SQLSVR2000/Patch/8.00.0686/W98NT42KMeXP/JA/8.00.0686_jpn.exe)
  • Korean: Download 8.00.0686_kor.exe now
  • Spanish: Download 8.00.0686_esn.exe now

Release Date: OCT-16-2002

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to obtain Microsoft support files from online services


Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

The English version of this fix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

   Date           Version          Size              File name
   ----------------------------------------------------------------------

   08/30/2002                        786,432 bytes   Distmdl.ldf
   08/30/2002                      2,359,296 bytes   Distmdl.mdf
   12/02/2001                          1,652 bytes   EULA.txt
   07/02/2002     2000.80.650.0      107,088 bytes   Impprov.dll
   07/19/2002                        774,516 bytes   Instdist.sql
   08/20/2002     2000.80.679.0      111,172 bytes   Logread.exe
   04/06/2002     2000.80.606.0       62,024 bytes   Odsole70.dll
   01/02/2002                         18,185 bytes   Qfe356326.sql
   07/09/2002                          3,672 bytes   Qfe360814_dist.sql
   08/20/2002     2000.80.679.0      135,748 bytes   Qrdrsvc.exe
   08/26/2002     2000.80.679.0      406,088 bytes   Rdistcom.dll
   10/10/2002                         15,479 bytes   Readme.txt
   10/03/2001                        437,302 bytes   Replcom.sql
   08/20/2002     2000.80.679.0      152,136 bytes   Replmerg.exe
   11/19/2001                        993,945 bytes   Replmerg.sql
   10/03/2001                        986,906 bytes   Replsys.sql
   10/03/2001                        881,228 bytes   Repltran.sql
   08/26/2002     2000.80.679.0      283,208 bytes   Rinitcom.dll
   09/16/2002                        390,045 bytes   SecurityHotfix.sql
   07/26/2002     2000.80.664.0       25,152 bytes   Servpriv.exe
   08/26/2002     2000.80.679.0       28,672 bytes   Sqlagent.dll
   08/26/2002     2000.80.679.0      311,872 bytes   Sqlagent.exe
   08/28/2002     2000.80.679.0       49,152 bytes   Sqlagent.rll
   08/26/2002     2000.80.679.0       53,824 bytes   Sqlcmdss.dll
   08/28/2002     2000.80.679.0       12,288 bytes   Sqlcmdss.rll
   08/26/2002     2000.80.679.0    7,467,092 bytes   Sqlservr.exe
   08/26/2002                     12,633,088 bytes   Sqlservr.pdb 
   08/26/2002     2000.80.679.0       82,492 bytes   Ssnetlib.dll
   01/04/2002                         18,130 bytes   Uninstall.sql
   04/06/2002     2000.80.606.0       70,208 bytes   Xplog70.dll
   04/06/2002     2000.80.606.0       53,828 bytes   Xpqueue.dll
   04/06/2002     2000.80.606.0      156,228 bytes   Xprepl.dll 
   07/11/2002     2000.80.658.0      279,104 bytes   Xpstar.dll
   09/16/2002     2000.80.686.0       98,872 bytes   Xpweb70.dll
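
The file table above can be turned into a post-installation check that follows the "or later file attributes" wording. The following is an added example, not part of the original article: parse_manifest, check_inventory and the OBSERVED inventory are hypothetical and constructed for illustration, while the manifest rows are copied from the October 16, 2002 table. How the observed versions and sizes are collected from a server is outside the example.

```python
import re

# Rows copied from the October 16, 2002 file table in this article (subset).
MANIFEST_TEXT = """\
   Date           Version          Size              File name
   ----------------------------------------------------------------------
   08/30/2002                        786,432 bytes   Distmdl.ldf
   08/20/2002     2000.80.679.0      111,172 bytes   Logread.exe
   09/16/2002                        390,045 bytes   SecurityHotfix.sql
   08/26/2002     2000.80.679.0    7,467,092 bytes   Sqlservr.exe
   08/26/2002     2000.80.679.0       82,492 bytes   Ssnetlib.dll
   09/16/2002     2000.80.686.0       98,872 bytes   Xpweb70.dll
"""

# Date, optional four-part version, size in bytes, file name.
ROW_RE = re.compile(
    r"^\s*(?P<date>\d{2}/\d{2}/\d{4})\s+"
    r"(?:(?P<version>\d+(?:\.\d+){3})\s+)?"
    r"(?P<size>[\d,]+) bytes\s+(?P<name>\S+)\s*$"
)


def parse_manifest(text):
    """Parse table rows into {lower-case file name: {"version", "size"}}."""
    manifest = {}
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m is None:
            continue  # header, rule or blank line
        version = m.group("version")
        manifest[m.group("name").lower()] = {
            "version": tuple(int(p) for p in version.split(".")) if version else None,
            "size": int(m.group("size").replace(",", "")),
        }
    return manifest


def check_inventory(manifest, observed):
    """Return (file, finding) pairs for files that do not meet the manifest.

    Versioned binaries pass when the observed version is the listed one or
    later. Files without a version resource (scripts, database files) are
    compared by size, and a difference is reported for review.
    """
    findings = []
    for name, want in manifest.items():
        have = observed.get(name)
        if have is None:
            findings.append((name, "missing"))
        elif want["version"] is not None:
            if have["version"] is None or have["version"] < want["version"]:
                findings.append((name, "older than listed version"))
        elif have["size"] != want["size"]:
            findings.append((name, "size differs from listed size"))
    return findings


# Constructed inventory for one server: the engine is at 2000.80.679.0, but
# Xpweb70.dll and SecurityHotfix.sql still carry the values that the
# October 2, 2002 and August 14, 2002 tables in this article list.
OBSERVED = {
    "distmdl.ldf": {"version": None, "size": 786432},
    "logread.exe": {"version": (2000, 80, 679, 0), "size": 111172},
    "securityhotfix.sql": {"version": None, "size": 389520},
    "sqlservr.exe": {"version": (2000, 80, 679, 0), "size": 7467092},
    "ssnetlib.dll": {"version": (2000, 80, 679, 0), "size": 82492},
    "xpweb70.dll": {"version": (2000, 80, 606, 0), "size": 98872},
}

if __name__ == "__main__":
    for name, finding in check_inventory(parse_manifest(MANIFEST_TEXT), OBSERVED):
        print(f"{name}: {finding}")
```

A file check of this kind cannot show whether SecurityHotfix.sql was actually run against the server; it shows only which copy of the script is on disk.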
                

October 2, 2002 Release

This release of the SQL Server 2000 security cumulative package contains the following:

  • A revocation of support for clients that send SQL Server version 7.0, or later, tabular data streams (TDS) in big-endian format.

    Note Microsoft does not know of a commercially available product that sends TDS 7.0, or later, data streams to SQL Server in big-endian format.
  • A revocation of public access on an extended stored procedure.
  • A fix for the escalation of privileges vulnerability on certain stored procedures.
  • A fix for an unchecked buffer in SQL Server 2000 Database Console Commands (DBCCs).
  • A fix related to the checking of a registry key that determines access to OLE DB providers through the OPENROWSET or the OPENDATASOURCE function.

    Potential backward-compatibility issues with this fix are explained in the following Microsoft Knowledge Base article:

    328569 FIX: Ad hoc access incorrectly permitted if DisallowAdhocAccess registry key is missing

These issues are explained in detail in Microsoft Security Bulletin MS02-056:

Note After you apply this hotfix, an ActiveX Data Objects (ADO) recordset is not updateable. This is a known issue. The issue is very specific, and both of the following conditions must be met:

  • You use a view with concatenated columns. For example:

    SELECT field1, field2 + "," + field3 AS myField from...
  • You use a SELECT statement that has more than one (1) LEFT OUTER JOIN and the LEFT OUTER JOIN includes columns from the view.

The error message that you receive when you try to update the ADO recordset is:

Insufficient key column information for updating

The following files are available for download from the Microsoft Download Center:

  • English: Download 8.00.0679_enu.exe now
  • Chinese (Simplified): Download 8.00.0679_chs.exe now
  • Chinese (Traditional): Download 8.00.0679_cht.exe now
  • French: Download 8.00.0679_frn.exe now
  • German: Download 8.00.0679_ger.exe now
  • Italian: Download 8.00.0679_ita.exe now
  • Japanese: Download 8.00.0679_jpn.exe now
  • Korean: Download 8.00.0679_kor.exe now
  • Spanish: Download 8.00.0679_esn.exe now

Release Date: OCT-2-2002

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to obtain Microsoft support files from online services


The English version of this fix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

   Date           Version          Size              File name
   ----------------------------------------------------------------------

   08/30/2002                        786,432 bytes   Distmdl.ldf
   08/30/2002                      2,359,296 bytes   Distmdl.mdf
   07/02/2002                          1,652 bytes   EULA.txt
   07/02/2002     2000.80.650.0      107,088 bytes   Impprov.dll
   07/19/2002                        772,825 bytes   Instdist.sql
   08/20/2002     2000.80.679.0      111,172 bytes   Logread.exe
   04/06/2002     2000.80.606.0       62,024 bytes   Odsole70.dll
   01/02/2002                         18,185 bytes   Qfe356326.sql
   07/09/2002                          3,672 bytes   Qfe360814_dist.sql
   08/20/2002     2000.80.679.0      135,748 bytes   Qrdrsvc.exe
   08/26/2002                        406,088 bytes   Rdistcom.dll
   09/11/2002                         15,481 bytes   Readme.txt
   10/03/2001                        437,302 bytes   Replcom.sql
   08/20/2002                        152,136 bytes   Replmerg.exe
   11/19/2001                        993,945 bytes   Replmerg.sql
   10/03/2001                        986,906 bytes   Replsys.sql
   10/03/2001                        881,228 bytes   Repltran.sql
   08/26/2002                        283,208 bytes   Rinitcom.dll
   08/29/2002                        389,520 bytes   SecurityHotfix.sql
   07/26/2002                         25,152 bytes   Servpriv.exe
   08/26/2002                         28,672 bytes   Sqlagent.dll
   08/26/2002                        311,872 bytes   Sqlagent.exe
   08/28/2002                         49,152 bytes   Sqlagent.rll
   08/26/2002                         53,824 bytes   Sqlcmdss.dll
   08/28/2002                         12,288 bytes   Sqlcmdss.rll
   08/26/2002     2000.80.679.0    7,467,092 bytes   Sqlservr.exe
   08/26/2002                     12,633,088 bytes   Sqlservr.pdb 
   08/26/2002     2000.80.679.0       82,492 bytes   Ssnetlib.dll
   01/04/2002                         18,130 bytes   Uninstall.sql
   04/06/2002     2000.80.606.0       70,208 bytes   Xplog70.dll
   04/06/2002     2000.80.606.0       53,828 bytes   Xpqueue.dll
   04/06/2002                        156,228 bytes   Xprepl.dll 
   07/11/2002                        279,104 bytes   Xpstar.dll
   04/06/2002                         98,872 bytes   Xpweb70.dll

                

Note If you are installing this hotfix on a computer that has Microsoft SQL Server 2000 Enterprise Edition with clustering enabled, follow these steps:

  1. Install Microsoft SQL Server 2000 Service Pack 2. Do not continue with the installation until you successfully install SQL Server 2000 Service Pack 2.
  2. Move to a node of the cluster where an instance of SQL Server is currently not running.
  3. Make a backup copy of these files:

       File name        File location
      ----------------------------------------------------------------------------------------------------------------------
    
       Impprov.dll      <%ProgramFiles%>\Microsoft SQL Server\80\COM folder
       Instdist.sql     <Installation path for this instance of SQL Server>\Install folder
       Odsole70.dll     <Installation path for this instance of SQL Server>\Binn folder
       Logread.exe      <%ProgramFiles%>\Microsoft SQL Server\80\COM folder
       Qrdrsvc.exe      <%ProgramFiles%>\Microsoft SQL Server\80\COM folder
       Rdistcom.dll     <%ProgramFiles%>\Microsoft SQL Server\80\COM folder
       Replcom.sql      <Installation path for this instance of SQL Server>\Install folder
       Replmerg.exe     <%ProgramFiles%>\Microsoft SQL Server\80\COM folder
       Replmerg.sql     <Installation path for this instance of SQL Server>\Install folder
       Replsys.sql      <Installation path for this instance of SQL Server>\Install folder 
       Repltran.sql     <Installation path for this instance of SQL Server>\Install folder
       Rinitcom.dll     <%ProgramFiles%>\Microsoft SQL Server\80\COM folder
       Sqlagent.dll     <Installation path for this instance of SQL Server>\Binn folder
       Sqlagent.exe     <Installation path for this instance of SQL Server>\Binn folder
       Sqlagent.rll     <Installation path for this instance of SQL Server>\Binn\Resources\<Language ID> folder
       Sqlcmdss.dll     <Installation path for this instance of SQL Server>\Binn folder
       Sqlcmdss.rll     <Installation path for this instance of SQL Server>\Binn\Resources\<Language ID> folder
       Sqlservr.exe     <Installation path for this instance of SQL Server>\Binn folder
       Sqlservr.pdb     <Installation path for this instance of SQL Server>\Binn\Exe folder
       Ssnetlib.dll     <Installation path for this instance of SQL Server>\Binn folder
       Xpqueue.dll      <Installation path for this instance of SQL Server>\Binn folder
       Xprepl.dll       <Installation path for this instance of SQL Server>\Binn folder
       Xpweb70.dll      <Installation path for this instance of SQL Server>\Binn folder
       Xplog70.dll      <Installation path for this instance of SQL Server>\Binn folder
       Xpstar.dll       <Installation path for this instance of SQL Server>\Binn folder
     
                            
  4. Copy the files in the following lists:
    1. From the hotfix self-extracting archive, copy these files to the <Installation path for this instance of SQL Server>\Binn folder:

      Odsole70.dll
      Sqlagent.dll
      Sqlagent.exe
      Sqlcmdss.dll
      Sqlservr.exe
      Ssnetlib.dll
      Xpqueue.dll
      Xprepl.dll
      Xpstar.dll
      Xpweb70.dll
      Xplog70.dll

    2. From the hotfix self-extracting archive, copy this file to the <Installation path for this instance of SQL Server>\Binn\Exe folder:

      Sqlservr.pdb

    3. From the hotfix self-extracting archive, copy these files to the <%ProgramFiles%>\Microsoft SQL Server\80\COM folder:

      Impprov.dll
      Rdistcom.dll
      Replmerg.exe
      Rinitcom.dll
      Logread.exe
      Qrdrsvc.exe

    4. From the hotfix self-extracting archive, copy these files to the <Installation path for this instance of SQL Server>\Install folder:

      Instdist.sql
      Replcom.sql
      Replmerg.sql
      Replsys.sql
      Repltran.sql

    5. From the hotfix self-extracting archive, copy these files to the <Installation path for this instance of SQL Server>\Binn\Resources\<Language ID> folder:

      Sqlagent.rll
      Sqlcmdss.rll

  5. Run the Servpriv.exe tool from the command prompt. To set the appropriate user rights on the corresponding service registry keys, specify an instance of SQL Server 2000 when you run Servpriv.exe. For more information about Servpriv.exe, see the "Information About Servpriv.exe" section that is located at the end of the Readme.txt file for the hotfix.
  6. Fail over the instance of SQL Server to the node on which you installed the new binaries.
  7. Repeat steps 3 through 5 on the remaining nodes in the cluster.
  8. Connect to SQL Server as a member of the system administrator (sa) role or as the sa by using SQL Query Analyzer or the osql utility (Osql.exe), and then run Qfe356326.sql and SecurityHotfix.sql.
  9. If this server is used with replication, and if you have distribution databases, connect as a member of the system administrator (sa) role or as the sa by using SQL Query Analyzer or the osql utility (Osql.exe). Switch to the context of each distribution database in turn, and then run Qfe360814_dist.sql.
  10. Move to the node of the cluster where the instance of SQL Server is currently running, and then follow these steps:
    1. Make a backup copy of these files from the \Data folder:

      Distmdl.ldf
      Distmdl.mdf

    2. From the hotfix self-extracting archive, copy these files to the \Data folder:

      Distmdl.ldf
      Distmdl.mdf

    Note The standard hotfix installation steps are in the Readme.txt file that is included with the hotfix.

August 14, 2002 Release

This release of the SQL Server 2000 security cumulative package contains the following:

  • A fix for the escalation of privileges vulnerability. The fix sets permissions on the extended stored procedures in question so that only administrators can invoke them.
  • These updates to Servpriv.exe:
    • The ability to run in an unattended mode.
    • The ability to detect the correct service pack for Microsoft Data Engine (MSDE) so that Servpriv.exe will run.
  • The fixes described in Microsoft Security Bulletin MS02-039:

These issues are explained in detail in Microsoft Security Bulletin MS02-043:

The following files are available for download from the Microsoft Download Center:

Note Before you apply the fix, read the Readme.txt file that is in the package.

  • English: Download 8.00.0667_enu.exe now (http://download.microsoft.com/download/SQLSVR2000/Patch/8.00.0667/W98NT42KMeXP/EN-US/8.00.0667_enu.exe)
  • Chinese (Simplified): Download 8.00.0667_chs.exe now
  • Chinese (Traditional): Download 8.00.0667_cht.exe now
  • French: Download 8.00.0667_frn.exe now
  • German: Download 8.00.0667_ger.exe now
  • Italian: Download 8.00.0667_ita.exe now
  • Japanese: Download 8.00.0667_jpn.exe now
  • Korean: Download 8.00.0667_kor.exe now
  • Spanish: Download 8.00.0667_esn.exe now

Release Date: AUG-14-2002

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to obtain Microsoft support files from online services


The English version of this fix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

   Date           Version          Size              File name
   --------------------------------------------------------------------

   11/19/2001                        786,432 bytes   Distmdl.ldf
   11/19/2001                      2,359,296 bytes   Distmdl.mdf
   12/02/2001                          1,652 bytes   EULA.txt
   07/02/2002     2000.80.650.0      107,088 bytes   Impprov.dll
   11/11/2001                        772,825 bytes   Instdist.sql
   04/06/2002     2000.80.606.0       62,024 bytes   Odsole70.dll
   01/02/2002                         18,185 bytes   Qfe356326.sql
   07/09/2002                          3,672 bytes   Qfe360814_dist.sql
   08/08/2002                         12,804 bytes   Readme.txt
   10/03/2001                        437,302 bytes   Replcom.sql
   11/19/2001                        993,945 bytes   Replmerg.sql
   10/03/2001                        986,906 bytes   Replsys.sql
   10/03/2001                        881,228 bytes   Repltran.sql
   07/24/2002                         99,461 bytes   SecurityHotfix.sql
   07/26/2002     2000.80.664.0       25,152 bytes   Servpriv.exe
   07/29/2002     2000.80.665.0    7,462,996 bytes   Sqlservr.exe
   07/29/2002                     12,633,088 bytes   Sqlservr.pdb
   06/03/2002     2000.80.636.0       82,492 bytes   Ssnetlib.dll
   01/04/2002                         18,130 bytes   Uninstall.sql
   04/06/2002     2000.80.606.0       70,208 bytes   Xplog70.dll
   04/06/2002     2000.80.606.0       53,828 bytes   Xpqueue.dll
   04/06/2002     2000.80.606.0      156,228 bytes   Xprepl.dll 
   07/11/2002     2000.80.658.0      279,104 bytes   Xpstar.dll
   04/06/2002     2000.80.606.0       98,872 bytes   Xpweb70.dll
                

Note This security hotfix contains some older files that were included with the Service Pack. These files are required if you have to rebuild the master database or the distribution database. The fixes to resolve the security issues are still included in this hotfix. After you rebuild the master or the distribution databases, you must reapply this security QFE.

If you applied security patch 665, the following files, which are contained in this 667 hotfix, will be newer than the ones you have on your server:

   Date         Size              File name
   --------------------------------------------

   11/19/2001     786,432 bytes   Distmdl.ldf
   11/19/2001   2,359,296 bytes   Distmdl.mdf
   11/11/2001     772,825 bytes   Instdist.sql
   10/03/2001     437,302 bytes   Replcom.sql
   11/19/2001     993,945 bytes   Replmerg.sql
   10/03/2001     986,906 bytes   Replsys.sql
   10/03/2001     881,228 bytes   Repltran.sql
                

These files from hotfix 665 are dated 07/09/2002. If you apply the 667 hotfix and you receive a message that newer files are being overwritten, click Yes.

July 24, 2002 Release

This release of the SQL Server 2000 security cumulative package contains the following fixes:

  • Unchecked buffer in SQL Server 2000 Database Console Commands (DBCCs).
  • SQL Injection that occurs in two stored procedures used in replication.

These issues are explained in detail in Microsoft Security Bulletin MS02-038:

The following files are available for download from the Microsoft Download Center:

Note Before you apply the fix, read the Readme.txt file that is in the package.

  • English: Download 8.00.0655_enu.exe now
  • Chinese (Simplified): Download 8.00.0655_chs.exe now
  • Chinese (Traditional): Download 8.00.0655_cht.exe now
  • French: Download 8.00.0655_frn.exe now
  • German: Download 8.00.0655_ger.exe now
  • Italian: Download 8.00.0655_ita.exe now
  • Japanese: Download 8.00.0655_jpn.exe now
  • Korean: Download 8.00.0655_kor.exe now
  • Spanish: Download 8.00.0655_esn.exe now

Release Date: JUL-24-2002

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to obtain Microsoft support files from online services


The English version of this fix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

   Date         Time  Version        Size               File name
   --------------------------------------------------------------------

   07/09/2002  14:35                    786,432 bytes   Distmdl.ldf
   07/09/2002  14:35                  2,359,296 bytes   Distmdl.mdf
   12/02/2001  21:14                      1,652 bytes   EULA.txt
   07/02/2002  08:35  2000.80.650.0     107,088 bytes   Impprov.dll
   07/09/2002  13:33                    773,140 bytes   Instdist.sql
   04/06/2002  19:08  2000.80.606.0      62,024 bytes   Odsole70.dll
   01/02/2002  18:59                     18,185 bytes   Qfe356326.sql
   07/09/2002  13:33                      3,672 bytes   Qfe360814_dist.sql
   07/10/2002  17:32                     12,074 bytes   Readme.txt
   07/09/2002  13:33                    438,669 bytes   Replcom.sql
   07/09/2002  13:41                    994,124 bytes   Replmerg.sql
   07/09/2002  13:33                    992,924 bytes   Replsys.sql
   07/09/2002  11:50                     98,300 bytes   SecurityHotfix.sql
   06/13/2002  08:33                     25,152 bytes   Servpriv.exe
   07/03/2002  18:45  2000.80.655.0   7,458,897 bytes   Sqlservr.exe
   07/03/2002  18:45                 12,624,896 bytes   Sqlservr.pdb
   01/04/2002  17:12                     18,130 bytes   Uninstall.sql
   04/06/2002  19:08  2000.80.606.0      70,208 bytes   Xplog70.dll
   04/06/2002  19:08  2000.80.606.0      53,828 bytes   Xpqueue.dll
   04/06/2002  19:08  2000.80.606.0     156,228 bytes   Xprepl.dll 
   07/11/2002  18:00  2000.80.658.0     279,104 bytes   Xpstar.dll
   04/06/2002  19:08  2000.80.606.0      98,872 bytes   Xpweb70.dll

                

July 10, 2002 Release

This release of the SQL Server 2000 security cumulative package contains the following fixes:

322853 FIX: SQL Server grants unnecessary permissions or an encryption function contains unchecked buffers


For more information about this vulnerability, visit the following Microsoft Web site:

The following files are available for download from the Microsoft Download Center:



Release Date: JUL-10-2002

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to obtain Microsoft support files from online services


Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

The English version of this fix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

   Date         Time     Version        Size              File name
   --------------------------------------------------------------------

   02-Dec-2001   21:14                      1,652 bytes   EULA.txt
   02-Jul-2002   08:35   2000.80.650.0    107,088 bytes   Impprov.dll
   06-Apr-2002   19:08   2000.80.606.0     62,024 bytes   Odsole70.dll
   02-Jan-2002   18:59                     18,185 bytes   Qfe356326.sql
   17-Jun-2002   10:31                        857 bytes   qfe356938.sql
   10-Jul-2002   17:21                      9,594 bytes   Readme.txt
   13-Jun-2002   08:33                     25,152 bytes   Servpriv.exe
   28-Jun-2002   09:52                  7,454,801 bytes   Sqlservr.exe
   28-Jun-2002   09:52                 12,616,704 bytes   Sqlservr.pdb
   04-Jan-2002   17:12                     18,130 bytes   Uninstall.sql 
   06-Apr-2002   19:08   2000.80.606.0     70,208 bytes   Xplog70.dll
   06-Apr-2002   19:08   2000.80.606.0     53,828 bytes   Xpqueue.dll
   06-Apr-2002   19:08   2000.80.606.0    156,228 bytes   Xprepl.dll
   14-May-2002   20:41   2000.80.628.0    279,104 bytes   Xpstar.dll
   06-Apr-2002   19:08   2000.80.606.0     98,872 bytes   Xpweb70.dll
                

April 17, 2002 Release

This release of the SQL Server 2000 security cumulative package contains the following fix:

319507 FIX: SQL extended procedure functions contain unchecked buffers


For more information about this vulnerability, visit the following Microsoft Web site:

The following files are available for download from the Microsoft Download Center:



Release Date: APR-17-2002

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to obtain Microsoft support files from online services


Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

The English version of this fix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

   Date         Time   Version        Size       File name
   -----------------------------------------------------------

   07-Apr-2002  02:08  2000.80.606.0     62,024  Odsole70.dll
   03-Jan-2002  01:59                    18,185  Qfe356326.sql
   06-Apr-2002  00:20                       524  Qfe356938.sql
   10-Apr-2002  22:32  2000.80.608.0  7,454,801  Sqlservr.exe
   05-Jan-2002  00:12                    18,130  Uninstall.sql
   07-Apr-2002  02:08  2000.80.606.0     70,208  Xplog70.dll
   07-Apr-2002  02:08  2000.80.606.0     53,828  Xpqueue.dll
   07-Apr-2002  02:08  2000.80.606.0    156,228  Xprepl.dll
   11-Apr-2002  00:14  2000.80.608.0    279,104  Xpstar.dll
   07-Apr-2002  02:08  2000.80.606.0     98,872  Xpweb70.dll
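
One way to check a server against the file tables above, as an added example that is not part of the original article: it parses rows in the layouts used by the April 17 and July 10 tables and flags versioned files that are missing or older than listed, following the "or later file attributes" rule. The `INSTALLED` inventory is constructed sample data, and the names `parse_manifest`, `audit` and `ver` are hypothetical helpers; on a real server the installed versions would be read from each file's version resource.

```python
import re
from datetime import datetime, timezone

# Rows copied from the April 17 and July 10, 2002 tables in this article.
MANIFEST = """\
   07-Apr-2002  02:08  2000.80.606.0     62,024  Odsole70.dll
   03-Jan-2002  01:59                    18,185  Qfe356326.sql
   10-Apr-2002  22:32  2000.80.608.0  7,454,801  Sqlservr.exe
   11-Apr-2002  00:14  2000.80.608.0    279,104  Xpstar.dll
   02-Jul-2002   08:35   2000.80.650.0    107,088 bytes   Impprov.dll
"""
# Constructed sample inventory (not from the article): file name -> version.
INSTALLED = {"odsole70.dll": "2000.80.606.0",   # equal to the listed version
             "sqlservr.exe": "2000.80.1000.0",  # later; a string compare gets this wrong
             "xpstar.dll": "2000.80.534.0"}     # older than listed

ROW = re.compile(
    r"^\s*(?P<date>\d{2}-[A-Za-z]{3}-\d{4})\s+(?P<time>\d{2}:\d{2})\s+"
    r"(?:(?P<version>\d+(?:\.\d+){3})\s+)?"           # absent for .sql/.txt rows
    r"(?P<size>[\d,]+)(?:\s+bytes)?\s+(?P<name>\S+)\s*$")

def ver(text):  # '2000.80.608.0' -> (2000, 80, 608, 0), compared numerically
    return tuple(int(part) for part in text.split("."))

def parse_manifest(text):
    """Return {lower-case file name: row}; the article gives times in UTC."""
    rows = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, rule or blank line
        stamp = datetime.strptime(f"{m['date']} {m['time']}", "%d-%b-%Y %H:%M")
        rows[m["name"].lower()] = {
            "utc": stamp.replace(tzinfo=timezone.utc),
            "version": ver(m["version"]) if m["version"] else None,
            "size": int(m["size"].replace(",", ""))}
    return rows

def audit(manifest, installed):
    """Flag versioned files that are missing or older than the listed version."""
    findings = {}
    for name, row in manifest.items():
        if row["version"] is None:
            continue  # scripts and text files have no version to compare
        have = installed.get(name)
        if have is None or ver(have) < row["version"]:
            findings[name] = "missing" if have is None else "older than listed"
    return findings
```

Calling `.astimezone()` on a row's `utc` value gives the local time that the file information view displays.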
                


For additional information about a separate cumulative security patch for SQL Server 7.0, click the following article numbers to view the articles in the Microsoft Knowledge Base:

327068 SQL Server 7.0 Security Update for Service Pack 4


318268 SQL Server 7.0 Security Update for Service Pack 3




Additional query words: security_patch

Keywords: kbhotfixserver atdownload kbdownload kbfix kbinfo kbqfe kbsecurity kbsqlserv2000presp3fix kbsqlserv2000sp3fix KB316333