_________________________________________________________ DePaul University Computer Security Response Team C S R T _________________________________________________________ Computer Security Vulnerability Alert _____________________________________________________________________ 00:14 -0500 2003-07-25 SUMMARY Cumulative patch for Microsoft SQL Server SEVERITY High PLATFORM Microsoft SQL Server 7.0 Microsoft Data Engine (aka. MSDE) 1.0 Microsoft SQL Server 2000 Microsoft SQL Server 2000 Data Engine (MSDE 2000) Microsoft SQL Server 2000 Data Engine (Windows) Many other end-user products incorporate MSDE to perform database type functionality. If you are an end-user of Microsoft products, it is imperative that you visit the links listed in the "MORE INFO" section below. IMPACT Paritial, or complete, gain of system privileges and database containers. SCOPE All University Microsoft computers using SQL Server or MSDE (server and workstation class). DETAILS Please see the vendor advisory, listed below, for specific details regarding this advisory. DAMAGE Compromise of system privileges; corruption of data; injection of false data; deletion, destruction, modification of data. CSRT recommends immediate upgrades of vulnerable hosts. EXPLOIT No exploits have been made public for these vulnerabilities. ALERTID CSRT2003072501 REVISION Id: csrt-va2003072501.txt,v 1.1 2003/07/25 05:14:23 epancer Exp ______________________________________________________________________ MORE INFO o List of Products that include MSDE 2000 o Microsoft Security Bulletin MS03-031 o Discussion of Microsoft Data Engine ______________________________________________________________________ _____________________________END OF ALERT_____________________________