Unable to drop an extended stored procedure in MS SQL 2005
I read about a security vulnerability with MS SQL and I wanted to ensure that I close it up. The vulnerability apparently relates to the extended stored procedure "sp_replwritetovarbin" and it is recommended that the procedure be deleted. No one here is using it for anything that I'm aware of, so I tried to do that with no success.
I first tried to do it from query analyzer by setting the current database to master and trying to execute:
DROP PROCEDURE sp_replwritetovarbin;
This does not work and gives me the error message:
Server: Msg 3701, Level 11, State 5, Line 1
Cannot drop the procedure 'sp_replwritetovarbin', because it does not exist or you do not have permission.
Next I tried:
EXEC dbo.sp_dropextendedproc 'sp_replwritetovarbin';
I get the same error message, however. So finally, I tried to do it through the SQL Management Studio on the database server. In the Object Explorer, I went to SERVER | Databases | System Databases | master | Programmability | Extended Stored Procedures | System Extended Stored Procedures. From this node, I right-clicked on sys.sp_replwritetovarbin and selected Delete. The "Delete Object" window appears, I click OK, and it gives me that same error message saying the procedure doesn't exist or I don't have permissions.
The problem I see with this is that I am doing all of this using the "sa" account, so I should be able to do anything right?
I first tried to do it from query analyzer by setting the current database to master and trying to execute:
DROP PROCEDURE sp_replwritetovarbin;
This does not work and gives me the error message:
Server: Msg 3701, Level 11, State 5, Line 1
Cannot drop the procedure 'sp_replwritetovarbin', because it does not exist or you do not have permission.
Next I tried:
EXEC dbo.sp_dropextendedproc 'sp_replwritetovarbin';
I get the same error message, however. So finally, I tried to do it through the SQL Management Studio on the database server. In the Object Explorer, I went to SERVER | Databases | System Databases | master | Programmability | Extended Stored Procedures | System Extended Stored Procedures. From this node, I right-clicked on sys.sp_replwritetovarbin and selected Delete. The "Delete Object" window appears, I click OK, and it gives me that same error message saying the procedure doesn't exist or I don't have permissions.
The problem I see with this is that I am doing all of this using the "sa" account, so I should be able to do anything right?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Sweet. I'll review the link you provided. Thanks!
Microsoft Security Advisory: Vulnerability in SQL Server could allow remote code execution
http://support.microsoft.com/kb/961040
Or just update SQL Server.