Privilege-Elevation Vulnerability in SQL Server and MSDE

David Litchfield of NGS Software discovered vulnerabilities in SQL Server and Microsoft Desktop Engine (MSDE) that could result in an unprivileged user gaining control of the database. These vulnerabilities stem from weak default permissions on certain extended stored procedures that let unprivileged users run these stored procedures with Administrator privileges. Microsoft has released Security Bulletin MS02-043 (Cumulative Patch for SQL Server) to address these vulnerabilities and recommends that affected users download and apply the patch mentioned in the security bulletin.
