Cesar Cerrudo and Mark Litchfield of Next Generation Security Software discovered multiple vulnerabilities in SQL Server 2000 and Microsoft SQL Server Desktop Engine (MSDE) 2000, the most severe of which can lead to remote compromise of the vulnerable server. Microsoft has released Security Bulletin MS02-034 (Cumulative Patch for SQL Server) to address these vulnerabilities and recommends that affected users download and apply the appropriate patch mentioned in the bulletin. These patches are cumulative and address all previously discovered vulnerabilities in the affected product.
http://www.secadministrator.com/articles/index.cfm?articleid=25868