Microsoft Product Support Services can provide assistance with this or any other product support issue. Microsoft TechNet Security web site. Information on contacting Microsoft
Product Support Services is available at
Microsoft thanks David Litchfield and Chris Anley of @stake for
reporting this ESB-2000.385 -- Microsoft Security Bulletin MS00-092 -- Patch Available for "Extended Stored Procedure Parameter Parsing" Vulnerability Date: 05 December 2000 http://qaisoftware.com/microsoft-security/microsoft-security-bulletin-ms08-070.html
IN NO EVENT
SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES
WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS
OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN The vulnerability enables malicious users to run arbitrary code on the server. Microsoft Security Bulletin MS00-006 - Important Patch Available for "Malformed Hit-Highlighting Argument" Vulnerability Published: January 26, 2000 | Updated: March 31, 2000 Version: 1.3 Originally Posted: January 26, 2000 Revised: March MSDE 2000 was
released with SQL Server 2000.
Note: The SQL Server 7.0 patch can be applied atop Service
If you have any questions or need further information, please contact them directly. A malicious user who
provided a sufficiently-long parameter to an affected XP could cause a
buffer overrun within srv_paraminfo, in order to either cause the SQL
Server to https://technet.microsoft.com/en-us/library/security/ms00-060.aspx Will Microsoft announce every correction/clarification in email, or will they sometimes update the web page silently (the way they sometimes seem to update and pull patches)?
Even in the case where the malicious user could exploit the vulnerability to run code of her choice, this would not give her administrative control of the server, if recommended practices Microsoft Knowledge Base (KB) article Q280380, http://support.microsoft.com/default.aspx?scid=kb;en-us;280380&sd=tech Other information: Acknowledgments Microsoft thanks David Litchfield and Chris Anley of @stake for reporting this issue to us and working with us to protect customers. However, at a high level of detail, here's how CSS works. Who should use the patch?
On August 25, 2000, Microsoft released the original version of Microsoft Security Bulletin MS00-060, to announce the availability of a patch that eliminates vulnerabilities in Microsoft® Internet Information Server. Both vulnerabilities could enable a malicious user to cause code to run on the machine of another user in the guise of a third-party web site. In this case,
the malicious user's code could take any desired action against the
database, but would not gain administrative control of the machine.
July 17, 2000: Release IDs updated to reflect availability of a fix for these issues via a subsequently released patch. http://qaisoftware.com/microsoft-security/microsoft-security-bulletin-advance.html Even if a web application did use an XP, she would need detailed knowledge of the design of the web application in order to feed it parameters that would pass to Your web site would be Web Site A. Suppose Web Site A offers a search feature that lets a user type a word or phrase he'd like to search for.
See References. MICROSOFT DISCLAIMS ALL
WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. If this was the case, the malicious user would gain only the privileges of a normal user on the machine. (The sole exception to this is when SQL runs as part http://qaisoftware.com/microsoft-security/microsoft-security-bulletin-ms04-025.html
What is Microsoft doing about this issue? Microsoft has sent copies of the security bulletin to all subscribers to the Microsoft Product Security Notification Service, a free e-mail service that customers can use to stay up to date
Acknowledgments Microsoft thanks Internet Security Systems' X-force, and David Litchfield of Cerberus Information Security, Ltd, for reporting these vulnerabilities to us, and working with us to protect customers. Could she add her own XP, solely for the purpose of exploiting this vulnerability? It would depend on the privileges Web Site A has on the user's machine.
Frequently Asked Questions: Microsoft Security Bulletin MS00-031, http://www.microsoft.com/technet/security/bulletin/fq00-031.mspx Microsoft Knowledge Base (KB) article 260838, A malformed request towards .HTR files denies other HTR requests and puts CPU at 100%, http://support.microsoft.com/default.aspx?scid=kb;en-us;260838 Microsoft So this vulnerability doesn't affect all XPs? Right. How do I use the patch?
The patch eliminates the vulnerability by causing all XPs that ship with SQL Server or MSDE, and which use the srv_paraminfo() API, to ensure that the affected buffer is long enough If the malicious user visited a web site that had a SQL Server back-end, it's possible that she could provide information to the web application that would cause an XP to Information on Cross-Site Scripting Security Vulnerability, http://www.microsoft.com/technet/archive/security/news/crssite.mspx. It will be included in SQL Server 2000 Service Pack 1.
There is a design flaw in srv_paraminfo(), but because of backward compatibility issues, the fix actually needs to be made in the XPs that call it. Information on contacting Microsoft Technical Support is available at http://support.microsoft.com/contactussupport/?ws=support. Affected Software Versions Internet Information Server 4.0 Internet Information Server 5.0 Vulnerability Identifiers Undelimited .HTR Request Vulnerability : CVE-2000-0304 .HTR File Fragment Reading Vulnerability : CVE-2000-0457 Patch Availability Download locations for This approach was chosen over modifying srv_paraminfo() because the latter course of action would have introduced backward compatibility problems.
On February 11, 2000, Microsoft re-released the Windows 2000 version of this patch to take advantage of improvements in the Hotfix packaging tool.