Frequently Asked Questions
What is the scope of the vulnerability?
This is a buffer overrun vulnerability. An attacker who successfully exploited this vulnerability could gain the same level of privileges over the system as the program that initiated the broadcast request. The actions that an attacker could carry out on the system would depend on the permissions of the user account under which the program using MDAC ran.
If the program ran with limited privileges, an attacker would be limited accordingly. However, if the program ran under the context of Local System, the attacker could gain the same level of permissions. What causes the vulnerability?
The vulnerability results because of an unchecked buffer in a specific MDAC component. If an attacker were able to successfully exploit this vulnerability, it could allow them to gain control over the system and take any action that the legitimate process executing MDAC could take. What is Microsoft Data Access Components?
Microsoft Data Access Components (MDAC) is a collection of components that make it easy for programs to access databases and to change the data within them. Modern databases may take a variety of forms (for example, SQL Server databases, Microsoft Access databases, and XML files) and may be housed in a variety of locations (for example, on the local system or on a remote database server).
MDAC provides a consolidated set of functions for working with these data sources in a consistent manner. A good discussion of MDAC and the components that it provides is available on MSDN. Do I have MDAC on my system?
It is very likely that you do because MDAC is a ubiquitous technology: | • | MDAC installs as part of Windows 2000, SQL Server 2000, Windows XP, and Windows Server 2003. | | • | MDAC is available for download from the Microsoft Web site. | | • | MDAC is installed by many other Microsoft programs. To name just a few cases, it is installed as part of the Microsoft Windows NT 4.0 Option Pack, Microsoft Access, and SQL Server. |
A tool is available that can help you determine what version of MDAC is running on your system. Microsoft Knowledge Base article 301202 "HOW TO: Check for MDAC Version" describes this tool and explains how to use it. Also, Microsoft Knowledge Base article 231943 discusses the release history of the different versions of MDAC. Why did Microsoft Windows Update offer me a language version of the security update that is different than I expected?
It is recommended, but not necessary, to install the language version of this update that follows the MDAC language that the customer has installed. Customers download this security update by using Windows Update, and subsequently by using Microsoft Software Update Services (SUS), based on the language version of Windows that a customer has.
A customer could have a more recent version of MDAC installed, which is localized into a language other than the language of the instance of Windows. For example, if a customer installs a Spanish language instance of SQL Server installed on an English instance of Windows, the customer may have a Spanish language version of MDAC installed. This is a supported configuration for which we would recommend the Spanish language update. Certain log entries note the disparity. If the customer prefers the Spanish update, they should install the security update by using the download links that are at the beginning of this security bulletin. Note: While the installation of this security update is in English, the security update in itself is localized and Windows Update will offer customers an update that match the language version of Windows they have. What might an attacker use the vulnerability to do?
This vulnerability could enable an attacker to reply to a client system request with a malformed User Datagram Protocol (UDP) packet, which would cause a buffer overrun to occur. If an attacker were to successfully exploit this vulnerability, they could take any action that they wanted to on the system that the overrun process could take. How could an attacker exploit this vulnerability?
An attacker could exploit this vulnerability by simulating a server running SQL Server that listens on a network for a client system to request an enumeration of all systems on the specific network that are running SQL Server. By replying to that request with a specially-crafted packet, an attacker could cause a buffer overrun to occur in a specific MDAC component on the client system. What does the update do?
This security update removes the vulnerability by validating that the number of bytes that are specified in the reply is of an appropriate value.
Security Update Information
Installation platforms and Prerequisites: For information about the specific security update for your platform, click the appropriate link:
Microsoft Data Access Components (all versions)
Prerequisites This security update requires that you have any one of the following MDAC versions installed: Inclusion in future service packs: The fix for this issue will be included in MDAC 2.8 Service Pack 1. Installation Information This update supports the following Setup switches: /? Displays the list of installation switches. /Q Uses Quiet mode. /T:<full path> Specifies the temporary working folder. /C Extracts files only to the folder when it is used with /T. /C:<Cmd> Overrides the Install command that author defines. /N Does not restart the dialog box. Deployment Information For example, the following command-line command installs the security update without any user intervention and suppresses a restart: <LAN>_Q832483_MDAC_X86.EXE /C:"dahotfix.exe /q /n" /q:a English, for example, <LAN> is ENU. The /q switch that is specified for Dahotfix.exe is for a silent install. The /n switch suppresses the restart. The trailing /q:a switch is to also suppress the end-user license agreement (EULA) pop-up window. Restart Requirement You must restart your computer after you apply this security update. Removal Information This security update cannot be removed after it has been installed. File Information The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel. MDAC 2.5 Service Pack 2: 29-Oct-2003 | 02:20 | 3.520.6101.0 | 212,992 | Odbc32.dll | 28-Oct-2003 | 21:44 | 3.70.11.46 | 24,848 | Odbcbcp.dll | 28-Oct-2003 | 00:06 | 3.520.6101.0 | 102,672 | Odbccp32.dll | 28-Oct-2003 | 21:44 | 3.70.11.46 | 524,560 | Sqlsrv32.dll |
MDAC 2.5 Service Pack 3: 29-Oct-2003 | 02:24 | 3.520.6301.0 | 212,992 | Odbc32.dll | 28-Oct-2003 | 21:44 | 3.70.11.46 | 24,848 | Odbcbcp.dll | 28-Oct-2003 | 01:08 | 3.520.6301.0 | 102,672 | Odbccp32.dll | 28-Oct-2003 | 21:44 | 3.70.11.46 | 524,560 | Sqlsrv32.dll |
MDAC 2.6 Service Pack 2: 28-Oct-2003 | 17:22 | 2000.80.747.0 | 86,588 | Dbnetlib.dll | 29-Oct-2003 | 02:35 | 3.520.7502.0 | 417,792 | Odbc32.dll | 28-Oct-2003 | 17:22 | 2000.80.747.0 | 29,252 | Odbcbcp.dll | 29-Oct-2003 | 02:34 | 3.520.7502.0 | 217,088 | Odbccp32.dll | 28-Oct-2003 | 17:22 | 2000.80.747.0 | 479,800 | Sqloledb.dll | 28-Oct-2003 | 17:22 | 2000.80.747.0 | 455,236 | Sqlsrv32.dll |
MDAC 2.7 28-Oct-2003 | 05:09 | 2000.81.9002.0 | 61,440 | Dbnetlib.dll | 28-Oct-2003 | 05:05 | 3.520.9002.0 | 204,800 | Odbc32.dll | 28-Oct-2003 | 05:10 | 2000.81.9002.0 | 24,576 | Odbcbcp.dll | 28-Oct-2003 | 05:09 | 3.520.9002.0 | 94,208 | Odbccp32.dll | 28-Oct-2003 | 05:06 | 2.70.9002.0 | 413,696 | Oledb32.dll | 28-Oct-2003 | 05:09 | 2000.81.9002.0 | 450,560 | Sqloledb.dll | 28-Oct-2003 | 05:09 | 2000.81.9002.0 | 356,352 | Sqlsrv32.dll |
MDAC 2.7 Service Pack 1 or MDAC 2.7 Service Pack 1 Refresh: 28-Oct-2003 | 04:12 | 2000.81.9042.0 | 61,440 | Dbnetlib.dll | 28-Oct-2003 | 04:09 | 2.71.9042.0 | 126,976 | Msdart.dll | 28-Oct-2003 | 04:09 | 3.520.9042.0 | 204,800 | Odbc32.dll | 28-Oct-2003 | 04:13 | 2000.81.9042.0 | 24,576 | Odbcbcp.dll | 28-Oct-2003 | 04:13 | 3.520.9042.0 | 98,304 | Odbccp32.dll | 28-Oct-2003 | 04:10 | 2.71.9042.0 | 417,792 | Oledb32.dll | 28-Oct-2003 | 04:12 | 2000.81.9042.0 | 471,040 | Sqloledb.dll | 28-Oct-2003 | 04:12 | 2000.81.9042.0 | 385,024 | Sqlsrv32.dll |
MDAC 2.8: 12-Dec-2003 | 23:40 | 2000.85.1025.0 | 24,576 | Odbcbcp.dll | 19-Nov-2003 | 00:38 | 2000.85.1025.0 | 401,408 | Sqlsrv32.dll |
MDAC 2.8 for Windows Server 2003 64-Bit Edition: 15-Dec-2003 | 18:51 | 2000.85.1025.0 | 49,152 | Odbcbcp.dll | 15-Dec-2003 | 18:52 | 2000.85.1025.0 | 978,944 | Sqlsrv32.dll |
Verifying Update Installation To verify that the security update is installed on your computer, check the file manifests that are listed in this bulletin and make sure that you have the correct versions of the files. You may also be able to verify that this security update is installed by reviewing the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\DataAccess\Q832483 For the Microsoft Data Access Components 2.8 that shipped in Windows Server 2003 64-Bit Edition you can verify that this security update is installed by reviewing the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB832483 Note These registry keys may not be not created correctly if an administrator or an OEM integrates or slipstreams the 832483 security update into the Windows installation source files. Obtaining other security updates: Updates for other security issues are available from the following locations: | • | Security updates are available from the Microsoft Download Center, and can be most easily found by doing a keyword search for "security_patch". | | • | Updates for consumer platforms are available from the WindowsUpdate Web site. |
Support: | • | Technical support is available from Microsoft Product Support Services at 1-866-PCSAFETY for customers in the U.S. and Canada. There is no charge for support calls that are associated with security updates. | | • | International customers can get support from their local Microsoft subsidiaries. There is no charge for support associated with security updates. Information on how to contact Microsoft support is available at the International Support Web Site. |
Security Resources: Software Update Services (SUS): Microsoft Software Update Services (SUS) enables administrators to quickly and reliably deploy the latest critical updates and security updates to Windows® 2000 and Windows Server™ 2003-based servers, as well as to desktop computers running Windows 2000 Professional or Windows XP Professional. For information about how to deploy this security update with Software Update Services, visit the Software Update Services Web site. Systems Management Server (SMS): Systems Management Server can provide assistance deploying this security update. For information about Systems Management Server visit the SMS Web Site. Disclaimer: The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Revisions: | • | V1.0 January 13, 2004: Bulletin published | | • | V1.1 January 30, 2004: Updated the IPSEC policy in the Workarounds section, updated the command line install string under the Deployment Information section. | | • | V1.2 April 1, 2004: Updated caveats section with advice for customers who have encrypted their temporary files. |
|
|
|
