Home / bulletins MS09-004 - Important: Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420) - Version:1.1
Posted on 05 March 2009
There is an newer version: MS09-004 - Version: 1.2
ImportantSeverity Rating: Important - Revision Note: V1.1 (March 5, 2009): Added entry to section, Frequently Asked Questions (FAQ) Related to This Security Update, announcing a detection logic change to the update packages for Microsoft SQL Server 2000 Desktop Engine (WMSDE) (KB960082). This is a deployment change only that does not affect the files contained in the initial update. Customers who have successfully updated their systems do not need to reinstall this update.Summary: This security update resolves a privately reported vulnerability in Microsoft SQL Server. The vulnerability could allow remote code execution if untrusted users access an affected system or if a SQL injection attack occurs to an affected system. Systems with SQL Server 7.0 Service Pack 4, SQL Server 2005 Service Pack 3, and SQL Server 2008 are not affected by this issue.
Other versions
- MS09-004 - Version: 1.0
- MS09-004 - Version: 1.1
- MS09-004 - Version: 1.2
- MS09-004 - Version: 1.2
