• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft SQL Server Web Task Stored Procedure Privilege Escalation Vulnerability

Solution:
Microsoft has released an updated cumulative patch for this and other security issues, which includes an installer.

Cisco has released an advisory. Information about obtaining and applying fixes is available in the referenced advisory.

Fixes available:


Microsoft SQL Server 2000

• Microsoft sql2ksp3
  http://www.microsoft.com/sql/downloads/2000/sp3.asp?SD=GN&LN=en-us&gss nb=1

Microsoft SQL Server 7.0 SP4

• Microsoft Q327068
  Patch released in MS02-061.
  http://support.microsoft.com/default.aspx?scid=kb;en-us;Q327068&sd=tec h

Cisco E-Mail Manager

• Microsoft sql2ksp3
  http://www.microsoft.com/sql/downloads/2000/sp3.asp?SD=GN&LN=en-us&gss nb=1

Microsoft SQL Server 2000 SP1

• Microsoft sql2ksp3
  http://www.microsoft.com/sql/downloads/2000/sp3.asp?SD=GN&LN=en-us&gss nb=1

Microsoft SQL Server 2000 SP2

• Microsoft Q316333
  Patch released in MS02-061.
  http://support.microsoft.com/default.aspx?scid=kb;en-us;Q316333&sd=tec h


• Microsoft Q316333
  Updated cumulative patch.
  http://support.microsoft.com/default.aspx?scid=kb;en-us;Q316333&sd=tec h


• Microsoft sql2ksp3
  http://www.microsoft.com/sql/downloads/2000/sp3.asp?SD=GN&LN=en-us&gss nb=1

Cisco Call Manager 3.3

• Cisco SQL2K-MS02-061.exe
  http://www.cisco.com/tacpage/sw-center/telephony/crypto/voice-apps/

Cisco Intelligent Contact Manager 5.0

• Microsoft sql2ksp3
  http://www.microsoft.com/sql/downloads/2000/sp3.asp?SD=GN&LN=en-us&gss nb=1