[AccessD] Automatic Upgrade to Jet SP-8 via Microsoft Windows Update facilty

MartyConnelly martyconnelly at shaw.ca
Sat Apr 17 11:32:13 CDT 2004


I had Jet SP-7 installed and was planning to upgrade to SP-8  sometime 
soon. It made the decision for me.
I was wondering if people were also upgraded from Jet SP-4 or 5 etc.
It could be they did this to stop people from running things like 
following that makes all files in
the current folder read only.
SELECT Shell("Cmd /c attrib +R *.*") As c1 From Customers
With a little bit of fiddling with SQL Injection methods you could stuff 
this into a field in a web asp page and have it run on a website using 
Access.
But I don't think this patch was the only problem it was fixing.

How to configure Jet 4.0 to prevent unsafe functions from running in 
Access 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;294698&Product=acc

Gustav Brock wrote:

>Hi Marty
>
>That's why I always download the patches, then install them one by one
>- it allows you to read the notice from MS on the patch.
>
>However, this 837001 patch seems to uninstallable if it causes you
>trouble.
>
>/gustav
>
>
>  
>
>> I am not sure but after checking the version numbers of MSJet40.dll, 
>>DAO360.dll and several others. It appears that Microsoft has upgraded 
>>everyone to an advanced security fix version of  JET SP-8 after 
>>receiving this months Windows Update automatic security upgrades.
>> It would have been nice to have received a notification .;) Not sure 
>>what this will do to Jet Sandbox mode.
>>You can check quickly for the install through the control panel 
>>add/remove programs and look at bottom for MS HotFix 837001.
>>This doesn't apply to the OS's  Windows Me and below.
>>Here are the relevant Url's.
>>Microsoft Security Bulletin MS04-014
>>Vulnerability in the Microsoft Jet Database Engine Could Allow Code 
>>Execution (837001)
>>http://www.microsoft.com/technet/security/bulletin/ms04-014.mspx
>>http://support.microsoft.com/?kbid=837001
>>    
>>
>
>  
>
>>Old Jet Service Pack 8 File Manifest
>>http://support.microsoft.com/?kbid=829558
>>    
>>
>
>  
>
>> The only reason I noticed was I was looking at an article on BBC 
>>Scotland news site describing a 19 year old from Aberdeen, Matt Thompson 
>>who brought the security fault to Microsoft's attention. They happened 
>>to mention the fault was in JET, which piqued my interest to look further.
>>http://news.bbc.co.uk/1/hi/scotland/3630649.stm
>>    
>>
>
>
>  
>
>>-- 
>>Marty Connelly
>>Victoria, B.C.
>>Canada
>>    
>>
>
>  
>

-- 
Marty Connelly
Victoria, B.C.
Canada






More information about the AccessD mailing list