Microsoft warns of new server vulnerabilities

SQL Server 2000, Microsoft Desktop Engine and Exchange are all vulnerable to newly discovered exploits

Microsoft has warned of several newly discovered security holes in SQL Server, Microsoft Desktop Engine and Exchange software, the most serious of which could give an attacker control over an installation of SQL Server.

The software company also issued a corrected version of last month's cumulative patch for Windows Media Player, which left out some bug fixes, although it said that this mistake did not reduce the effectiveness of the original patch. The new Windows Media Player patch is available here.

Two of the exploits were serious enough for Microsoft to class as "critical" -- its most severe rating -- because they allow arbitrary code to be executed on SQL Server 2000. The exploits in question involve sending a carefully crafted packet to the SQL Server Resolution Service, which exists to help coordinate multiple installations of the server on the same machine.

The attack can cause a buffer overrun in the system memory, allowing a skilled attacker to run code in the server's security context. However, Microsoft said that by default, SQL Server 2000 runs as a Domain User, which has limited privileges.

This attack may be easily prevented by blocking port 1434, Microsoft said.

Another bug in the Resolution Service would allow a denial-of-service attack by causing two SQL Server 2000 systems to enter into an endless communications loop, significantly degrading performance. The warning and patch for all three problems are here.

Microsoft also warned of two vulnerabilities that affect both SQL Server 2000 and Microsoft Desktop Engine, allowing an attacker to run code on the server, for which an explanation and patch are available here.

The company said that Exchange is vulnerable to a buffer overflow attack when responding to an SMTP client's EHLO command. The alert and patch are available here.

Microsoft has vowed to make security its top priority, even if it means delaying important products. However, industry experts say that Microsoft's plan can only be effective as a long-term commitment.

A more immediate response may have been achieved via new legislation. A recent security survey found that the number of successful attacks on Windows and government servers had dropped off steeply, following an amendment to the US's Cyber Security Enhancement Act, which gives life imprisonment to hackers who put lives at risk.
