- SQL Server 2000 runs in a security context chosen by the administrator at installation time. By default, it runs as a Domain User. Thus, although the attacker’s code could take any desired action on the database, it would not necessarily have significant privileges at the operating system level if best practices have been followed.
- Where feasible, blocking port 1434 at the firewall would mitigate the risk posed by the vulnerability.
- An attack could be broken off by restarting the SQL Server 2000 service on either of the affected systems. Normal processing on both systems would resume once the attack ceased.
- The vulnerability provides no way to gain any privileges on the system. It is a denial of service vulnerability only.