A demonstration exploit for this vulnerability has been publicly released, as have many SQL injection exploits for various web applications. Administrators are cautioned against assuming that the SQL server cannot be exploited because there is no direct Internet access to the server. As this exploit demonstrates, a remote attacker can reach and exploit the server through the web server.
Administrators are advised to update the web server and SQL server, and the applications running on those servers, with all available patches and service packs. Several patches and additional information about the recommended versions and patches are available at the Microsoft Knowledge Base Article link in the Patches/Software section. This vulnerability is known to affect only Microsoft SQL Server 2000 running Jet Engine 4.0. Additional applications could also be affected because the vulnerability is located in the Jet Engine.