Many implementations of Microsoft SQL Server (both standalone and embedded) have an open system administrator (SA) account. This could enable a malicious user to execute arbitrary commands on the target machine.
Microsoft SQL Server 2000 has been reported to contain multiple vulnerabilities. These include heap- and stack-based buffer overflows and network denial-of-service attacks. (27 May 2002)
Confirm that the SA password is not null, blank, or an application default.
Check the Microsoft site for patches to SQL Server 2000. As of 27 May 2002, there are no patches.
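One way to carry out the SA password check above from inside the server, as an added example that is not part of the original advisory. It assumes SQL Server 2000, a sysadmin connection, the `master.dbo.sysxlogins` system table and the undocumented `PWDCOMPARE` function of that release; the candidate value is a placeholder to be replaced with the defaults documented by the applications that embed the server.

```sql
-- Added example: list SQL-authenticated logins whose password is NULL,
-- blank, or equal to a known application default (SQL Server 2000).
-- Run as a sysadmin on a server you administer.

DECLARE @candidates TABLE (pw sysname NOT NULL)

-- '' detects a blank password; the second row is a labelled placeholder,
-- not a real default. Add one row per default your applications ship with.
INSERT INTO @candidates (pw) VALUES ('')
INSERT INTO @candidates (pw) VALUES ('<application-default-password>')

SELECT l.name AS login_name,
       IS_SRVROLEMEMBER('sysadmin', l.name) AS is_sysadmin,
       CASE
           WHEN l.password IS NULL THEN 'NULL password'
           WHEN c.pw = ''          THEN 'blank password'
           ELSE 'application default password'
       END AS finding
FROM master.dbo.sysxlogins AS l
LEFT JOIN @candidates AS c
       -- PWDCOMPARE returns 1 when the clear text matches the stored hash;
       -- it returns NULL for a NULL hash, which the WHERE clause catches.
       ON PWDCOMPARE(c.pw, l.password) = 1
WHERE l.srvid IS NULL          -- local logins only, not linked-server mappings
  AND l.xstatus & 4 = 0        -- skip Windows (NT) logins, which store no password
  AND (l.password IS NULL OR c.pw IS NOT NULL)
ORDER BY is_sysadmin DESC, l.name
```

Any row returned for `sa`, or for any login with `is_sysadmin = 1`, is the condition this advisory describes; an empty result means none of the tested values matched.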