Security Update
The table below shows security patches issued between Feb. 26, 2000, and Mar. 17, 2000. Bulletins that describe these patches are at www.microsoft.com/technet/security/current.asp. For information on recent security patches for Windows 2000, see “First Windows 2000 Hotfix Released“.
| Threat | Systems Affected | Cause | Bulletin |
| A remote attacker can issue arbitrary commands to a SQL Server database through a Web site. | Site Server 3.0 Commerce Edition with any supported version of SQL Server | Some sample code (and some code generated by the Site Builder Wizard) does not validate the contents of an input field before sending it to the database. By entering SQL code in this field, an attacker can execute arbitrary commands on the Web site’s database server. | ms00-010 (Feb. 18) |
| A Web site operator can read files belonging to a visitor, if the file’s name is known to the operator. | Internet Explorer 4.x, 5.x, and any other product that includes build 2000 |
Atlas Members have full access
Get access to this and thousands of other unbiased analyses, roadmaps, decision kits, infographics, reference guides, and more, all included with membership. Comprehensive access to the most in-depth and unbiased expertise for Microsoft enterprise decision-making is waiting.
Membership OptionsAlready have an account? Login Now