Two additional security updates are avalaible on Microsoft's TechNet. They were posted in conjunction with DirectX 9.0b.
Microsoft Security Bulletin MS03-029: Flaw in Windows NT Function Could Allow Denial of Service (823803)
Microsoft Security Bulletin MS03-031: Cumulative Patch for Microsoft SQL Server (815495)
Microsoft Security Bulletin MS03-029:
Flaw in Windows Function Could Allow Denial of Service (823803)
A flaw exists in a Windows NT Server 4.0 function that might cause a denial-of-service vulnerability. The flaw occurs because the affected function can cause memory that the function does not own to be freed when some overly long parameters are passed to the function. If the application that makes the request to the function does not carry out any user-input validation and permits the overly long parameters to be passed to the function, the function may free memory that the function does not own. Therefore, the application that passes the request might stop working.
The information in this article applies to:Microsoft Windows NT Server 4.0Microsoft Windows NT Server 4.0 Terminal Server Edition
Microsoft Knowledge Base Article - 823803 Microsoft Security Bulletin MS03-031:
Cumulative Patch for Microsoft SQL Server (815495)
Microsoft has released a security patch to correct vulnerabilities in the following products: Microsoft SQL Server 2000 Service Pack 3 (SP3)Microsoft SQL Server 2000 Desktop Engine (MSDE) Service Pack 3Microsoft SQL Server 2000 64-bitMicrosoft SQL Server 7.0 Service Pack 4 (SP4)Microsoft Data Engine 1.0 Service Pack 4 (SP4)
Here is a list of the vulnerabilities that are resolved in this security patch: Named Pipe Hijacking Named Pipe Denial of Service SQL Server Buffer Overrun
Microsoft Knowledge Base Article - 815495
Microsoft Security Bulletin MS03-029: Flaw in Windows NT Function Could Allow Denial of Service (823803)
Microsoft Security Bulletin MS03-031: Cumulative Patch for Microsoft SQL Server (815495)
Microsoft Security Bulletin MS03-029:
Flaw in Windows Function Could Allow Denial of Service (823803)
A flaw exists in a Windows NT Server 4.0 function that might cause a denial-of-service vulnerability. The flaw occurs because the affected function can cause memory that the function does not own to be freed when some overly long parameters are passed to the function. If the application that makes the request to the function does not carry out any user-input validation and permits the overly long parameters to be passed to the function, the function may free memory that the function does not own. Therefore, the application that passes the request might stop working.
The information in this article applies to:Microsoft Windows NT Server 4.0Microsoft Windows NT Server 4.0 Terminal Server Edition
Microsoft Knowledge Base Article - 823803 Microsoft Security Bulletin MS03-031:
Cumulative Patch for Microsoft SQL Server (815495)
Microsoft has released a security patch to correct vulnerabilities in the following products: Microsoft SQL Server 2000 Service Pack 3 (SP3)Microsoft SQL Server 2000 Desktop Engine (MSDE) Service Pack 3Microsoft SQL Server 2000 64-bitMicrosoft SQL Server 7.0 Service Pack 4 (SP4)Microsoft Data Engine 1.0 Service Pack 4 (SP4)
Here is a list of the vulnerabilities that are resolved in this security patch: Named Pipe Hijacking Named Pipe Denial of Service SQL Server Buffer Overrun
Microsoft Knowledge Base Article - 815495
