Microsoft has released a security patch to repair a flaw in an application programming interface (API) that works with extended stored procedures. A user exploiting this breach could execute foreign code or shut down the server. The problem affects SQL Server 2000 and 7.0, SQL Server Desktop Engine 2000 (MSDE 2000), and Microsoft Data Engine 1.0 (MSDE 1.0). You can apply the SQL Server 7.0 patch on top of Service Pack 2 (SP2) and the SQL Server 2000 patch on top of SQL Server 2000. Microsoft plans to include the patch in the next service pack releases. You can download the patch from For more information about the patch, see