Have you applied the latest SQL Server security patch? And how can you stay on top of all the security fixes coming down the pike from Microsoft and other sources? Security is an important topic in IT regardless of which technologies you specialize in, and lately I've been thinking about SQL Server security quite a bit. I'm planning to weave security discussions into my SQL Server UPDATE commentary during the next several weeks. But this week, I'll tell you about the most recent security patch from Microsoft, which is available online, and about one way you can stay abreast of Microsoft security patches.
The patch in Microsoft Security Bulletin MS02-020 (SQL Extended Procedure Functions Contain Unchecked Buffers) addresses an unchecked buffer security vulnerability that could let an intruder either crash your SQL Server or--even worse--run code of the attacker's choice. Neither option is particularly pleasant, and Microsoft's understated recommendation is to "apply the patch immediately to affected systems." The security bulletin provides instructions for applying the patch. Before you download the patch, you need to install SQL Server 2000 Service Pack 2 (SP2) or SQL Server 7.0 SP4. You'll find more details about the specific nature of the vulnerability in the Microsoft article "FIX: SQL Extended Procedure Functions Contain Unchecked Buffers".
Staying up-to-date with the latest security bulletins can be difficult, but that's the way to find a particular vulnerability before intruders do. To stay current, subscribe to the Microsoft HotFix & Security Bulletin Service at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/current.asp.
Trying to keep the intruders out without keeping on top of the latest security announcements is like playing video games against a Microsoft Xbox master who knows the secret codes that you don't know. The odds aren't fair, and you'll probably end up dead. The HotFix & Security Bulletin Service will ensure that you have the latest security information from Microsoft.
Computer systems will always have undetected security vulnerabilities, and we'll always have intruders. It's the nature of the game. The trick is to be vigilant and proactive in your approach to security management.