I read about a security vulnerability with MS SQL and I wanted to ensure that I close it up. The vulnerability apparently relates to the extended stored procedure "sp_replwritetovarbin" and it is recommended that the procedure be deleted. No one here is using it for anything that I'm aware of, so I tried to do that with no success.
I first tried to do it from query analyzer by setting the current database to master and trying to execute:
DROP PROCEDURE sp_replwritetovarbin;
This does not work and gives me the error message:
Server: Msg 3701, Level 11, State 5, Line 1
Cannot drop the procedure 'sp_replwritetovarbin', because it does not exist or you do not have permission.
Next I tried:
EXEC dbo.sp_dropextendedproc 'sp_replwritetovarbin';
I get the same error message, however. So finally, I tried to do it through the SQL Management Studio on the database server. In the Object Explorer, I went to SERVER | Databases | System Databases | master | Programmability | Extended Stored Procedures | System Extended Stored Procedures. From this node, I right-clicked on sys.sp_replwritetovarbin and selected Delete. The "Delete Object" window appears, I click OK, and it gives me that same error message saying the procedure doesn't exist or I don't have permissions.
The problem I see with this is that I am doing all of this using the "sa" account, so I should be able to do anything right?