The security problems affect SQL Server 2000 and SQL Server 7.0 and are related to the way these two versions of the product create and display text messages after a query is submitted, the company said in a security bulletin. Microsoft labeled the risk from the first flaw as “moderate” and from the second flaw as “low.”
There are patches available for both holes from Microsoft.