SqlSecurityHandler is invoked

I had an admin come to me this morning regarding a SQL Server box that had suddenly gone down. The SQL Service and SQL Agent where both stopped. When I looked at the SQL Server error log I noticed the following error: “SqlSecurityHandler is invoked. Potential buffer overrun detected – server is terminating.” I went to the trusty google box and didn’t find a ton of useful info, but I did finally come across a KB from Microsoft.

This SQL Server is handling a third-party database whose developers have decided it’s ok to use “SELECT *” in many of their queries. They have also opted to not use stored procedures alone. Both of which I think are bad ideas. They have deadlocks that pop up all of the time, and I see many holes in their reasoning but there’s not a ton I can do to change any of that. They’ve never tested under the load that they are getting with us, so I believe they are learning the hard way that their product might not be as scalable as they thought.

Anyway, I’ve run many a trace against the box through perfmon, profiler and DBCC TRACEON without incidence, but it turns out that it’s possible to crash the server when the following criteria are met:

“The SQL Server process may end unexpectedly when you turn on trace flag -T1204 and a profiler trace is capturing the Lock:DeadLock Chain event in SQL Server 2000 SP4”. We were able to determine that the vendor had been running a profiler trace capturing that event during the time that this happened.  The server was patched up to 2040, but obviously this hotfix is supposed to fix this issue. I decided this would be a good time to go ahead and bring it up to hotfix 2273 given the problems that we’ve had. That means I chose to bypass 2050 and go with 2273. That means I chose QFE over GDR. I’ve included a link to an explanation that helped me understand those two items. Normally, it would be recommended that you stay with the GDR unless you need a specific fix above that hotfix. At least that’s the way I understood it.

Cumulative list of SQL Server 2000 hotfixes


Microsoft Security Bulletin MS08-040