For those using SQL Server 7 the following might be worth looking at.... Ron. **** This Security Alert is brought to you by Windows 2000 Magazine and NTSecurity.net. http://www.win2000mag.net/Email/Index.cfm?ID=5 **** ====================== FREE BOOKS ONLINE! ========================== Windows IT Library, a technical reference library specifically for Windows IT professionals, gives you the information you need when you need it. For your source of free books and other technical content, visit http://www.WindowsITLibrary.com/, a member of the Windows 2000 Magazine Network. Tell us what features you'd like to see in the library by filling out a short survey at http://www.zoomerang.com/survey.zgi?KWPEGQ28TFH4G8TWRXCQAK0G. ===================================================================== July 11, 2000 - Adina Reeve reported a problem with SQL Server 7.0 that can let intruders run stored procedures they would generally be unable to access. Microsoft has released a patch for the problem. USSRLabs reported a Denial of Service condition in WircSrv; however, no patch is currently available for the problem. James Megna reported that CourseInfo 4.0 exposes Registry keys that contain an administrative password used to gain elevated privileges within the software package. No fix is available for the problem, but a workaround that prevents part of the problem is available. * CourseInfo Exposes Admin Psw http://www.ntsecurity.net/go/load.asp?iD=/security/course1.htm * WircSrv Subject to DoS http://www.ntsecurity.net/go/load.asp?iD=/security/wircsrv1.htm * SQL 7.0 Exposes Stored Procedures http://www.ntsecurity.net/go/load.asp?iD=/security/sql7-6.htm Thank you for subscribing to Security UPDATE. Please tell your friends about this newsletter and alert list! Sincerely, The Security UPDATE Team, [EMAIL PROTECTED] ______________________________________________________________________ The KCFusion.org list and website is hosted by Humankind Systems, Inc. Questions, Comments or Glowing Praise.. mailto:[EMAIL PROTECTED] To Subscribe.................... mailto:[EMAIL PROTECTED] To Unsubscribe................ mailto:[EMAIL PROTECTED]
