- SQL Server 2000 runs in a security context chosen by the administrator at installation time. By default, it runs as a Domain User. Thus, although the attacker's code could take any desired action on the database, it would not necessarily have significant privileges at the operating system level if best practices have been followed.
- The risk posed by the vulnerability could be mitigated by blocking port 1434 at the firewall, if feasible.
- An attack could be broken off by restarting the SQL Server 2000 service on either of the affected systems. Normal processing on both systems would resume once the attack ceased.
- The vulnerability provides no way to gain any privileges on the system. It is a denial of service vulnerability only.