Microsoft Releases Two SQL Server Security Patches

Over the past few weeks, Microsoft has released patches for Microsoft SQL Server 7.0. The first vulnerability leaves SQL passwords at risk for being compromised. Click here for information and the patch for the DTS Password vulnerability. The second vulnerability lets malicious users execute a stored procedure without having permission to do so. Click here for information about this vulnerability.

More Problems with .htr Extensions
Microsoft has again warned IIS 5.0 and IIS 4.0 administrators about a new variant of the .htr vulnerability. A new patch is out to cover both this variant and a new vulnerability called the Absent Directory Browser Argument, which centers around a sample administration script included with IIS. The permissions for the tool are also incorrect, which raises additional concern. Click here \[http://www.microsoft.com/technet/security/bulletin/MS00-044.asp\] for information and a patch for IIS 5.0 and IIS 4.0.