COMMAND

    SQL Server

SYSTEMS AFFECTED

    Microsoft SQL Server 7.0

PROBLEM

    If a specially-malformed  TDS packet is  sent to a  SQL server, it
    can cause the SQL service to crash.  This vulnerability would  not
    allow any  inappropriate access  to the  data on  the server,  nor
    would  it  allow  a  malicious  user  to  usurp any administrative
    control on  the machine.  An affected  machine could  be put  back
    into service  by restarting  the SQL  service. This  vulnerability
    could only  be remotely  exploited if  port 1433  were open at the
    firewall.  Microsoft acknowledges Kevork Belian for bringing  this
    issue to their attention.

SOLUTION

    Patch availability:

    - Intel:
        http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16923
    - alpha:
        http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16924

    This patch does not locate the SQL folder and install the  patched
    files into it; instead,   you must copy the three  files contained
    in it to the MSSQL7/BINN folder.