Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
SQL Server Security Patches; Problems with .htr Extensions
Allen Jones tells you about two vulnerabilities in SQL Server 7.0 and the patches to correct them as well as the continuing problems with .htr extensions.
Allen Jones
July 18, 2000
1 Min Read
Microsoft Releases Two SQL Server Security Patches
Over the past few weeks, Microsoft has released patches for Microsoft SQL Server 7.0. The first vulnerability leaves SQL passwords at risk for being compromised. Click here for information and the patch for the DTS Password vulnerability. The second vulnerability lets malicious users execute a stored procedure without having permission to do so. Click here for information about this vulnerability.
More Problems with .htr Extensions
Microsoft has again warned IIS 5.0 and IIS 4.0 administrators about a new variant of the .htr vulnerability. A new patch is out to cover both this variant and a new vulnerability called the Absent Directory Browser Argument, which centers around a sample administration script included with IIS. The permissions for the tool are also incorrect, which raises additional concern. Click here [http://www.microsoft.com/technet/security/bulletin/MS00-044.asp] for information and a patch for IIS 5.0 and IIS 4.0.
About the Author
You May Also Like
