Ramiro
31st January 2003, 23:43
SP3 wasn't released several months ago as you said.
As stated in Microsoft Security Bulletin MS02-061, in the Technical Details Section:
Technical description:
Microsoft originally released this bulletin and patch on October 16, 2002 to correct a security vulnerability in a SQL Server stored procedure. The patch was and still is effective in eliminating the security vulnerability, and includes the fix for the vulnerability exploited by the "Slammer" worm virus (Note: Slammer affects only SQL Server 2000 and MSDE 2000). However, while the patch was fully effective in eliminating the security vulnerability, in October, 2002, it was found to interfere with SQL Server operations under some circumstances. As a result, on October 30, 2002, an additional non-security hotfix (317748) was required to ensure normal operations of SQL Server.
Microsoft released SP3 just last week. Included in this SP it was the hotfix for the security vulnerability, but also, it was included the SP for MDAC 2.7. Microsoft adviced everybody to install SP3 instead of installing just the fix.
Evidently, something has changed between MDAC 2.7 and MDAC 2.7 SP1.
It seems that Microsoft will have to release an additional non-security hotfix again, to solve the performance problem introduced in MDAC 2.7 SP1.
As stated in Microsoft Security Bulletin MS02-061, in the Technical Details Section:
Technical description:
Microsoft originally released this bulletin and patch on October 16, 2002 to correct a security vulnerability in a SQL Server stored procedure. The patch was and still is effective in eliminating the security vulnerability, and includes the fix for the vulnerability exploited by the "Slammer" worm virus (Note: Slammer affects only SQL Server 2000 and MSDE 2000). However, while the patch was fully effective in eliminating the security vulnerability, in October, 2002, it was found to interfere with SQL Server operations under some circumstances. As a result, on October 30, 2002, an additional non-security hotfix (317748) was required to ensure normal operations of SQL Server.
Microsoft released SP3 just last week. Included in this SP it was the hotfix for the security vulnerability, but also, it was included the SP for MDAC 2.7. Microsoft adviced everybody to install SP3 instead of installing just the fix.
Evidently, something has changed between MDAC 2.7 and MDAC 2.7 SP1.
It seems that Microsoft will have to release an additional non-security hotfix again, to solve the performance problem introduced in MDAC 2.7 SP1.