This article discusses a security or privacy issue that may
affect the operation of your computer. The information in this article is
provided "as-is" without warranty of any kind. The workaround or hotfix that is
described in this article describes the issue as it is currently understood,
but may not protect against any undiscovered variants of this issue. Microsoft
recommends that you apply this cumulative patch or implement the workarounds if
one is provided.
MORE INFORMATION
February 7, 2003 Re-release This re-release of the October 16, 2002 SQL Server 2000
security cumulative package combines the following hotfixes:
These hotfixes are combined into the SQL Critical Update. This
Update helps you install security fixes by using a GUI based setup program. By
using the SQL Critical Update, you can automate the deployment process of
security fixes across your whole organization.
Before you attempt to
install these files, please read the important installation instructions in the
following Microsoft Knowledge Base article:
330391 INF: SQL Server Hotfix Installer
To obtain the SQL Critical update, please
visit the following Microsoft Web site:
SQL Critical
UpdateRelease Date: 07-FEB-2003
For additional
information on this release, please read the details for the October 16, 2002
release.
October 16, 2002 Release
This release of the SQL Server 2000 security cumulative package
contains the following:
- SQL Server 7.0 and SQL Server 2000 provide stored
procedures that are a collection of Transact-SQL statements. These Transact-SQL
statements are stored under a name, and the statements are processed as a
group. With one of the stored procedures, low privileged users can run, delete,
insert or modify Web tasks.
An attacker who can authenticate to SQL
Server can delete all the Web tasks created by other users. Also, the attacker
can run existing Web tasks in the context of the creator of the Web task or
they can potentially insert their own Web tasks. These Web tasks typically run
in the context of the SQL Server Agent service account. This patch includes a
fix that removes this vulnerability by correcting the permissions on these
objects.
These issues are explained in detail in Microsoft
Security Bulletin MS02-061:
Microsoft
Security Bulletin MS02-061NOTE: If you have previously installed the fix discussed in Microsoft
Security Bulletin MS02-056, you can install this fix by completing the
following actions:
- From the <Installation path for this instance of SQL
Server>\Binn folder, make a backup copy of the following file:
Xpweb70.dll
- From the hotfix self-extracting archive, copy this file to
the <Installation path for this instance of SQL Server>\Binn folder:
Xpweb70.dll
- Connect to SQL Server as a member of the system
administrator (sa) role or as the sa by using SQL Query Analyzer or the osql
utility (Osql.exe), and then run SecurityHotfix.sql.
NOTE: After you apply this hotfix, the ActiveX Data Objects (ADO)
recordset is not updateable. This is a known issue. The issue is very specific,
and both of the following conditions must be met:
The error message that you receive when you try to update the
ADO recordset is:
Insufficient key column information
for updating
The following files are available for
download from the Microsoft Download Center:
English:
Download
8.00.0686_enu.exe nowChinese (Simplified):
Download 8.00.0686_chs.exe nowChinese (Traditional):
Download 8.00.0686_cht.exe nowFrench:
Download 8.00.0686_frn.exe nowGerman:
Download 8.00.0686_ger.exe nowItalian:
Download 8.00.0686_ita.exe nowJapanese:
Download 8.00.0686_jpn.exe nowKorean:
Download 8.00.0686_kor.exe nowSpanish:
Download 8.00.0686_esn.exe nowRelease Date:
OCT-16-2002
For
additional information about how to download Microsoft Support files, click the
following article number to view the article in the Microsoft Knowledge Base:
119591 How To Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most
current virus-detection software that was available on the date that the file
was posted. The file is stored on security-enhanced servers that help to
prevent any unauthorized changes to the file.
The
English version of this fix has the file attributes (or later) that are listed
in the following table. The dates and times for these files are listed in
coordinated universal time (UTC). When you view the file information, it is
converted to local time. To find the difference between UTC and local time, use
the Time Zone tab in the Date and Time tool in Control Panel.
Date Version Size File name
----------------------------------------------------------------------
08/30/2002 786,432 bytes Distmdl.ldf
08/30/2002 2,359,296 bytes Distmdl.mdf
12/02/2001 1,652 bytes EULA.txt
07/02/2002 2000.80.650.0 107,088 bytes Impprov.dll
07/19/2002 774,516 bytes Instdist.sql
08/20/2002 2000.80.679.0 111,172 bytes Logread.exe
04/06/2002 2000.80.606.0 62,024 bytes Odsole70.dll
01/02/2002 18,185 bytes Qfe356326.sql
07/09/2002 3,672 bytes Qfe360814_dist.sql
08/20/2002 2000.80.679.0 135,748 bytes Qrdrsvc.exe
08/26/2002 2000.80.679.0 406,088 bytes Rdistcom.dll
10/10/2002 15,479 bytes Readme.txt
10/03/2001 437,302 bytes Replcom.sql
08/20/2002 2000.80.679.0 152,136 bytes Replmerg.exe
11/19/2001 993,945 bytes Replmerg.sql
10/03/2001 986,906 bytes Replsys.sql
10/03/2001 881,228 bytes Repltran.sql
08/26/2002 2000.80.679.0 283,208 bytes Rinitcom.dll
09/16/2002 390,045 bytes SecurityHotfix.sql
07/26/2002 2000.80.664.0 25,152 bytes Servpriv.exe
08/26/2002 2000.80.679.0 28,672 bytes Sqlagent.dll
08/26/2002 2000.80.679.0 311,872 bytes Sqlagent.exe
08/28/2002 2000.80.679.0 49,152 bytes Sqlagent.rll
08/26/2002 2000.80.679.0 53,824 bytes Sqlcmdss.dll
08/28/2002 2000.80.679.0 12,288 bytes Sqlcmdss.rll
08/26/2002 2000.80.679.0 7,467,092 bytes Sqlservr.exe
08/26/2002 12,633,088 bytes Sqlservr.pdb
08/26/2002 2000.80.679.0 82,492 bytes Ssnetlib.dll
01/04/2002 18,130 bytes Uninstall.sql
04/06/2002 2000.80.606.0 70,208 bytes Xplog70.dll
04/06/2002 2000.80.606.0 53,828 bytes Xpqueue.dll
04/06/2002 2000.80.606.0 156,228 bytes Xprepl.dll
07/11/2002 2000.80.658.0 279,104 bytes Xpstar.dll
09/16/2002 2000.80.686.0 98,872 bytes Xpweb70.dll
October 2, 2002 Release
This release of the SQL Server 2000 security cumulative package
contains the following:
These issues are explained in detail in Microsoft Security
Bulletin MS02-056:
Microsoft
Security Bulletin MS02-056NOTE: After you apply this hotfix, an ActiveX Data Objects (ADO)
recordset is not updateable. This is a known issue. The issue is very specific,
and both of the following conditions must be met:
The error message that you receive when you try to update the
ADO recordset is:
Insufficient key column information
for updating
The following files are available for download from the
Microsoft Download Center:
English:
Download
8.00.0679_enu.exe nowChinese (Simplified):
Download
8.00.0679_chs.exe nowChinese (Traditional):
Download
8.00.0679_cht.exe nowFrench:
Download
8.00.0679_frn.exe nowGerman:
Download
8.00.0679_ger.exe nowItalian:
Download
8.00.0679_ita.exe nowJapanese:
Download
8.00.0679_jpn.exe nowKorean:
Download
8.00.0679_kor.exe nowSpanish:
Download
8.00.0679_esn.exe nowRelease Date:
OCT-2-2002
For
additional information about how to download Microsoft Support files, click the
following article number to view the article in the Microsoft Knowledge Base:
119591 How To Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most
current virus-detection software that was available on the date that the file
was posted. The file is stored on security-enhanced servers that help to
prevent any unauthorized changes to the file.
The
English version of this fix has the file attributes (or later) that are listed
in the following table. The dates and times for these files are listed in
coordinated universal time (UTC). When you view the file information, it is
converted to local time. To find the difference between UTC and local time, use
the Time Zone tab in the Date and Time tool in Control Panel.
Date Version Size File name
----------------------------------------------------------------------
08/30/2002 786,432 bytes Distmdl.ldf
08/30/2002 2,359,296 bytes Distmdl.mdf
07/02/2002 1,652 bytes EULA.txt
07/02/2002 2000.80.650.0 107,088 bytes Impprov.dll
07/19/2002 772,825 bytes Instdist.sql
08/20/2002 2000.80.679.0 111,172 bytes Logread.exe
04/06/2002 2000.80.606.0 62,024 bytes Odsole70.dll
01/02/2002 18,185 bytes Qfe356326.sql
07/09/2002 3,672 bytes Qfe360814_dist.sql
08/20/2002 2000.80.679.0 135,748 bytes Qrdrsvc.exe
08/26/2002 406,088 bytes Rdistcom.dll
09/11/2002 15,481 bytes Readme.txt
10/03/2001 437,302 bytes Replcom.sql
08/20/2002 152,136 bytes Replmerg.exe
11/19/2001 993,945 bytes Replmerg.sql
10/03/2001 986,906 bytes Replsys.sql
10/03/2001 881,228 bytes Repltran.sql
08/26/2002 283,208 bytes Rinitcom.dll
08/29/2002 389,520 bytes SecurityHotfix.sql
07/26/2002 25,152 bytes Servpriv.exe
08/26/2002 28,672 bytes Sqlagent.dll
08/26/2002 311,872 bytes Sqlagent.exe
08/28/2002 49,152 bytes Sqlagent.rll
08/26/2002 53,824 bytes Sqlcmdss.dll
08/28/2002 12,288 bytes Sqlcmdss.rll
08/26/2002 2000.80.679.0 7,467,092 bytes Sqlservr.exe
08/26/2002 12,633,088 bytes Sqlservr.pdb
08/26/2002 2000.80.679.0 82,492 bytes Ssnetlib.dll
01/04/2002 18,130 bytes Uninstall.sql
04/06/2002 2000.80.606.0 70,208 bytes Xplog70.dll
04/06/2002 2000.80.606.0 53,828 bytes Xpqueue.dll
04/06/2002 156,228 bytes Xprepl.dll
07/11/2002 279,104 bytes Xpstar.dll
04/06/2002 98,872 bytes Xpweb70.dll
NOTE: If you are installing this hotfix on a computer that has
Microsoft SQL Server 2000 Enterprise Edition with clustering enabled, follow
these steps:
- Install Microsoft SQL Server 2000 Service Pack 2. Do not
continue with the installation until you successfully install SQL Server 2000
Service Pack 2.
- Move to a node of the cluster where an instance of SQL
Server is currently not running.
- Make a backup copy of these files:
File name File location
----------------------------------------------------------------------------------------------------------------------
Impprov.dll <%ProgramFiles%>\Microsoft SQL Server\80\COM folder
Instdist.sql <Installation path for this instance of SQL Server>\Install folder
Odsole70.dll <Installation path for this instance of SQL Server>\Binn folder
Logread.exe <%ProgramFiles%>\Microsoft SQL Server\80\COM folder
Qrdrsvc.exe <%ProgramFiles%>\Microsoft SQL Server\80\COM folder
Rdistcom.dll <%ProgramFiles%>\Microsoft SQL Server\80\COM folder
Replcom.sql <Installation path for this instance of SQL Server>\Install folder
Replmerg.exe <%ProgramFiles%>\Microsoft SQL Server\80\COM folder
Replmerg.sql <Installation path for this instance of SQL Server>\Install folder
Replsys.sql <Installation path for this instance of SQL Server>\Install folder
Repltran.sql <Installation path for this instance of SQL Server>\Install folder
Rinitcom.dll <%ProgramFiles%>\Microsoft SQL Server\80\COM folder
Sqlagent.dll <Installation path for this instance of SQL Server>\Binn folder
Sqlagent.exe <Installation path for this instance of SQL Server>\Binn folder
Sqlagent.rll <Installation path for this instance of SQL Server>\Binn\Resources\<Language ID> folder
Sqlcmdss.dll <Installation path for this instance of SQL Server>\Binn folder
Sqlcmdss.rll <Installation path for this instance of SQL Server>\Binn\Resources\<Language ID> folder
Sqlservr.exe <Installation path for this instance of SQL Server>\Binn folder
Sqlservr.pdb <Installation path for this instance of SQL Server>\Binn\Exe folder
Ssnetlib.dll <Installation path for this instance of SQL Server>\Binn folder
Xpqueue.dll <Installation path for this instance of SQL Server>\Binn folder
Xprepl.dll <Installation path for this instance of SQL Server>\Binn folder
Xpweb70.dll <Installation path for this instance of SQL Server>\Binn folder
Xplog70.dll <Installation path for this instance of SQL Server>\Binn folder
Xpstar.dll <Installation path for this instance of SQL Server>\Binn folder
- Copy the files in the following lists:
- From the hotfix self-extracting archive, copy these
files to the <Installation path for this instance of SQL Server>\Binn
folder:
Odsole70.dll
Sqlagent.dll
Sqlagent.exe
Sqlcmdss.dll
Sqlservr.exe
Ssnetlib.dll
Xpqueue.dll
Xprepl.dll
Xpstar.dll
Xpweb70.dll
Xplog70.dll
- From the hotfix self-extracting archive, copy this file
to the <Installation path for this instance of SQL Server>\Binn\Exe
folder:
Sqlservr.pdb
- From the hotfix self-extracting archive, copy these
files to the <%ProgramFiles%>\Microsoft SQL Server\80\COM folder:
Impprov.dll
Rdistcom.dll
Replmerg.exe
Rinitcom.dll
Logread.exe
Qrdrsvc.exe
- From the hotfix self-extracting archive, copy these
files to the <Installation path for this instance of SQL Server>\Install
folder:
Instdist.sql
Replcom.sql
Replmerg.sql
Replsys.sql
Repltran.sql
- From the hotfix self-extracting archive, copy these
files to the <Installation path for this instance of SQL
Server>\Binn\Resources\<Language ID> folder:
Sqlagent.rll
Sqlcmdss.rll
- Run the Servpriv.exe tool from the command prompt. To set
the appropriate user rights on the corresponding service registry keys, specify
an instance of SQL Server 2000 when you run Servpriv.exe. For more information
about Servpriv.exe, see the "Information About Servpriv.exe" section that is
located at the end of the Readme.txt file for the hotfix.
- Failover the instance of SQL Server to the node in which
you installed the new binaries.
- Repeat steps 3 through 5 on the remaining nodes in the
cluster.
- Connect to SQL Server as a member of the system
administrator (sa) role or as the sa by using SQL Query Analyzer or the osql
utility (Osql.exe), and then run Qfe356326.sql and SecurityHotfix.sql.
- If this server is used with replication, and if you have
distribution databases, connect as a member of the system administrator (sa)
role or as the sa by using SQL Query Analyzer or the osql utility (Osql.exe).
Switch to the context of each distribution database in turn, and then run
Qfe360814_dist.sql.
- Move to the node of the cluster where the instance of SQL
Server is currently running, and then follow these steps:
- Make a backup copy of these files from the <Data
path for this instance of SQL Server>\Data folder:
Distmdl.ldf
Distmdl.mdf
- From the hotfix self-extracting archive, copy these
files to the <Data path for this instance of SQL Server>\Data folder:
Distmdl.ldf
Distmdl.mdf
NOTE: The standard hotfix installation steps are in the Readme.txt
file that is included with the hotfix.
August 14, 2002 Release
This release of the SQL Server 2000 security cumulative package
contains the following:
- A fix for the escalation of privileges vulnerability by
setting permissions on the extended stored procedures in questions so that only
administrators can invoke them. -and-
- These updates to Servpriv.exe:
- The ability to run in an unattended mode.
- The ability to detect the correct service pack for
Microsoft Data Engine (MSDE) so that Servpriv.exe will run.
- The fixes described in Microsoft Security Bulletin
MS02-039:
Microsoft
Security Bulletin MS02-039
These issues are explained in detail in Microsoft Security
Bulletin MS02-043:
Microsoft
Security Bulletin MS02-043 The following files are
available for download from the Microsoft Download Center:
NOTE: Before you apply the fix, read the Readme.txt file that is in
the package.
English:
Download
8.00.0667_enu.exe nowChinese (Simplified):
Download
8.00.0667_chs.exe nowChinese (Traditional):
Download
8.00.0667_cht.exe nowFrench:
Download
8.00.0667_frn.exe nowGerman:
Download
8.00.0667_ger.exe nowItalian:
Download
8.00.0667_ita.exe nowJapanese:
Download
8.00.0667_jpn.exe nowKorean:
Download
8.00.0667_kor.exe nowSpanish:
Download
8.00.0667_esn.exe nowRelease Date:
AUG-14-2002
For additional information about how to download Microsoft Support
files, click the following article number to view the article in the Microsoft
Knowledge Base:
119591 How To Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most
current virus-detection software that was available on the date that the file
was posted. The file is stored on security-enhanced servers that help to
prevent any unauthorized changes to the file.
The
English version of this fix has the file attributes (or later) that are listed
in the following table. The dates and times for these files are listed in
coordinated universal time (UTC). When you view the file information, it is
converted to local time. To find the difference between UTC and local time, use
the Time Zone tab in the Date and Time tool in Control Panel.
Date Version Size File name
--------------------------------------------------------------------
11/19/2001 786,432 bytes Distmdl.ldf
11/19/2001 2,359,296 bytes Distmdl.mdf
12/02/2001 1,652 bytes EULA.txt
07/02/2002 2000.80.650.0 107,088 bytes Impprov.dll
11/11/2001 772,825 bytes Instdist.sql
04/06/2002 2000.80.606.0 62,024 bytes Odsole70.dll
01/02/2002 18,185 bytes Qfe356326.sql
07/09/2002 3,672 bytes Qfe360814_dist.sql
08/08/2002 12,804 bytes Readme.txt
10/03/2001 437,302 bytes Replcom.sql
11/19/2001 993,945 bytes Replmerg.sql
10/03/2001 986,906 bytes Replsys.sql
10/03/2001 881,228 bytes Repltran.sql
07/24/2002 99,461 bytes SecurityHotfix.sql
07/26/2002 2000.80.664.0 25,152 bytes Servpriv.exe
07/29/2002 2000.80.665.0 7,462,996 bytes Sqlservr.exe
07/29/2002 12,633,088 bytes Sqlservr.pdb
06/03/2002 2000.80.636.0 82,492 bytes Ssnetlib.dll
01/04/2002 18,130 bytes Uninstall.sql
04/06/2002 2000.80.606.0 70,208 bytes Xplog70.dll
04/06/2002 2000.80.606.0 53,828 bytes Xpqueue.dll
04/06/2002 2000.80.606.0 156,228 bytes Xprepl.dll
07/11/2002 2000.80.658.0 279,104 bytes Xpstar.dll
04/06/2002 2000.80.606.0 98,872 bytes Xpweb70.dll
NOTE: This security hotfix contains some older files that were
included with the Service Pack. These files are required if you have to rebuild
the
master database or the
distribution database. The fixes to resolve the security issues are still
included in this hotfix. After you rebuild the
master or the
distribution databases, you must reapply this security QFE.
If you
applied security patch 665, the following files, which are contained in this
667 hotfix, will be newer than the ones you have on your server:
Date Size File name
--------------------------------------------
11/19/2001 786,432 bytes Distmdl.ldf
11/19/2001 2,359,296 bytes Distmdl.mdf
11/11/2001 772,825 bytes Instdist.sql
10/03/2001 437,302 bytes Replcom.sql
11/19/2001 993,945 bytes Replmerg.sql
10/03/2001 986,906 bytes Replsys.sql
10/03/2001 881,228 bytes Repltran.sql
These files from hotfix 665 are dated 07/09/2002. If you apply
the 667 hotfix and you receive a message that newer files are being
overwritten, click
Yes.
July 24, 2002 Release
This release of the SQL Server 2000 security cumulative package
contains the following fixes:
- Unchecked Buffer in SQL Server 2000 Database Console
Command (DBCCs).
- SQL Injection that occurs in two stored procedures used in
replication.
These issues are explained in detail in Microsoft Security
Bulletin MS02-038:
Microsoft
Security Bulletin MS02-038.
The following files are
available for download from the Microsoft Download Center:
NOTE: Before you apply the fix, read the Readme.txt file that is in
the package.
English:
Download
8.00.0655_enu.exe nowChinese (Simplified):
Download
8.00.0655_chs.exe nowChinese (Traditional):
Download
8.00.0655_cht.exe nowFrench:
Download
8.00.0655_frn.exe nowGerman:
Download
8.00.0655_ger.exe nowItalian:
Download
8.00.0655_ita.exe nowJapanese:
Download
8.00.0655_jpn.exe nowKorean:
Download
8.00.0655_kor.exe nowSpanish:
Download
8.00.0655_esn.exe nowRelease Date:
JUL-24-2002
For
additional information about how to download Microsoft Support files, click the
following article number to view the article in the Microsoft Knowledge Base:
119591 How To Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most
current virus-detection software that was available on the date that the file
was posted. The file is stored on security-enhanced servers that help to
prevent any unauthorized changes to the file.
The
English version of this fix has the file attributes (or later) that are listed
in the following table. The dates and times for these files are listed in
coordinated universal time (UTC). When you view the file information, it is
converted to local time. To find the difference between UTC and local time, use
the Time Zone tab in the Date and Time tool in Control Panel.
Date Time Version Size File name
--------------------------------------------------------------------
07/09/2002 14:35 786,432 bytes Distmdl.ldf
07/09/2002 14:35 2,359,296 bytes Distmdl.mdf
12/02/2001 21:14 1,652 bytes EULA.txt
07/02/2002 08:35 2000.80.650.0 107,088 bytes Impprov.dll
07/09/2002 13:33 773,140 bytes Instdist.sql
04/06/2002 19:08 2000.80.606.0 62,024 bytes Odsole70.dll
01/02/2002 18:59 18,185 bytes Qfe356326.sql
07/09/2002 13:33 3,672 bytes Qfe360814_dist.sql
07/10/2002 17:32 12,074 bytes Readme.txt
07/09/2002 13:33 438,669 bytes Replcom.sql
07/09/2002 13:41 994,124 bytes Replmerg.sql
07/09/2002 13:33 992,924 bytes Replsys.sql
07/09/2002 11:50 98,300 bytes SecurityHotfix.sql
06/13/2002 08:33 25,152 bytes Servpriv.exe
07/03/2002 18:45 2000.80.655.0 7,458,897 bytes Sqlservr.exe
07/03/2002 18:45 12,624,896 bytes Sqlservr.pdb
01/04/2002 17:12 18,130 bytes Uninstall.sql
04/06/2002 19:08 2000.80.606.0 70,208 bytes Xplog70.dll
04/06/2002 19:08 2000.80.606.0 53,828 bytes Xpqueue.dll
04/06/2002 19:08 2000.80.606.0 156,228 bytes Xprepl.dll
07/11/2002 18:00 2000.80.658.0 279,104 bytes Xpstar.dll
04/06/2002 19:08 2000.80.606.0 98,872 bytes Xpweb70.dll
July 10, 2002 Release
This release of the SQL Server 2000 security cumulative package
contains the following fixes:
322853 FIX: SQL Server Grants Unnecessary Permissions or an Encryption Function Contains Unchecked Buffers
For more information about this vulnerability,
visit the following Microsoft Web site:
Microsoft Security Bulletin MS02-034
The
following files are available for download from the Microsoft Download
Center:
English: Download
8.00.0650_enu.exe now
Chinese (Simplified): Download
8.00.0650_chs.exe now
Chinese (Traditional): Download
8.00.0650_cht.exe now
French: Download
8.00.0650_frn.exe now
German: Download
8.00.0650_ger.exe now
Italian: Download
8.00.0650_ita.exe now
Japanese: Download
8.00.0650_jpn.exe now
Korean: Download
8.00.0650_kor.exe now
Spanish: Download
8.00.0650_esn.exe now
Release Date:
JUL-10-2002
For
additional information about how to download Microsoft Support files, click the
following article number to view the article in the Microsoft Knowledge Base:
119591 How To Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most
current virus-detection software that was available on the date that the file
was posted. The file is stored on security-enhanced servers that help to
prevent any unauthorized changes to the file.
The
English version of this fix has the file attributes (or later) that are listed
in the following table. The dates and times for these files are listed in
coordinated universal time (UTC). When you view the file information, it is
converted to local time. To find the difference between UTC and local time, use
the
Time Zone tab in the Date and Time tool in Control Panel.
Date Time Version Size File name
--------------------------------------------------------------------
02-Dec-2001 21:14 1,652 bytes EULA.txt
02-Jul-2002 08:35 2000.80.650.0 107,088 bytes Impprov.dll
06-Apr-2002 19:08 2000.80.606.0 62,024 bytes Odsole70.dll
02-Jan-2002 18:59 18,185 bytes Qfe356326.sql
17-Jun-2002 10:31 857 bytes qfe356938.sql
10-Jul-2002 17:21 9,594 bytes Readme.txt
13-Jun-2002 08:33 25,152 bytes Servpriv.exe
28-Jun-2002 09:52 7,454,801 bytes Sqlservr.exe
28-Jun-2002 09:52 12,616,704 bytes Sqlservr.pdb
04-Jan-2002 17:12 18,130 bytes Uninstall.sql
06-Apr-2002 19:08 2000.80.606.0 70,208 bytes Xplog70.dll
06-Apr-2002 19:08 2000.80.606.0 53,828 bytes Xpqueue.dll
06-Apr-2002 19:08 2000.80.606.0 156,228 bytes Xprepl.dll
14-May-2002 20:41 2000.80.628.0 279,104 bytes Xpstar.dll
06-Apr-2002 19:08 2000.80.606.0 98,872 bytes Xpweb70.dll
April 17, 2002 Release
This release of the SQL Server 2000 security cumulative package
contains the following fix:
319507 SQL Extended Procedure Functions Contain Unchecked Buffers
For more information about this vulnerability,
visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/bulletin/MS02-020.asp
The
following files are available for download from the Microsoft Download
Center:
English: Download
8.00.0608_SQL2K_sp2_x86_enu.exe now
Chinese (Simplified): Download
8.00.0608_SQL2K_sp2_x86_chs.exe now
Chinese (Traditional): Download
8.00.0608_SQL2K_sp2_x86_cht.exe now
French: Download
8.00.0608_SQL2K_sp2_x86_frn.exe now
German: Download
8.00.0608_SQL2K_sp2_x86_ger.exe now
Italian: Download
8.00.0608_SQL2K_sp2_x86_ita.exe now
Japanese: Download
8.00.0608_SQL2K_sp2_x86_jpn.exe now
Korean: Download
8.00.0608_SQL2K_sp2_x86_kor.exe now
Spanish: Download
8.00.0608_SQL2K_sp2_x86_esn.exe now
Release
Date: APR-17-2002
For
additional information about how to download Microsoft Support files, click the
following article number to view the article in the Microsoft Knowledge Base:
119591 How To Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most
current virus-detection software that was available on the date that the file
was posted. The file is stored on security-enhanced servers that help to
prevent any unauthorized changes to the file.
The
English version of this fix has the file attributes (or later) that are listed
in the following table. The dates and times for these files are listed in
coordinated universal time (UTC). When you view the file information, it is
converted to local time. To find the difference between UTC and local time, use
the
Time Zone tab in the Date and Time tool in Control Panel.
Date Time Version Size File name
-----------------------------------------------------------
07-Apr-2002 02:08 2000.80.606.0 62,024 Odsole70.dll
03-Jan-2002 01:59 18,185 Qfe356326.sql
06-Apr-2002 00:20 524 Qfe356938.sql
10-Apr-2002 22:32 2000.80.608.0 7,454,801 Sqlservr.exe
05-Jan-2002 00:12 18,130 Uninstall.sql
07-Apr-2002 02:08 2000.80.606.0 70,208 Xplog70.dll
07-Apr-2002 02:08 2000.80.606.0 53,828 Xpqueue.dll
07-Apr-2002 02:08 2000.80.606.0 156,228 Xprepl.dll
11-Apr-2002 00:14 2000.80.608.0 279,104 Xpstar.dll
07-Apr-2002 02:08 2000.80.606.0 98,872 Xpweb70.dll
For additional information about a
separate cumulative security patch for SQL Server 7.0, click the following
article numbers to view the articles in the Microsoft Knowledge Base:
327068
INF: SQL Server 7.0 Security Update for Service Pack 4
318268 INF: SQL Server 7.0 Security Update for Service Pack 3
Comments about this or other Microsoft
SQL Server Knowledge Base articles? Drop us a note at
Q316333.