TweakTown
Tech content trusted by users in North America and around the world
5,676 Reviews & Articles | 36,072 News Posts
Weekly Giveaway: Fractal Design Arc Cases Contest (Global Entry!)

New SQL Server Exploit Found

Microsoft working on a fix

| Computer Systems News | Posted: Dec 23, 2008 2:30 pm

It looks like there is a new Bug in SQL server that can allow for remote detonation of the server. Well ok not detonation but this newly discovered flaw can allow for remote execution of code.

 

According to MSA (Microsoft Security Advisory)961040, the flaw affects SQL Server 2000, SQL Server 2005 (with SP 2 or lower) SQL Server 2005 Express Edition, MSDE 2000, WMSDE, and Windows Internal Database.

 

SQL 7.0 With SP4, 2005 with SP3 and SQL Server 2008 are not affected.

 

Read more here.

 

New SQL Server Exploit Found

Customers who believe that they have been attacked can obtain security support at Get security support and should contact the national law enforcement agency in their country. Customers in the United States can contact Customer Service and Support at no charge using the PC Safety hotline at 1-866-PCSAFETY. Additionally, customers in the United States should contact their local FBI office or report their situation at Internet Crime Complaint Center.
Mitigating Factors:

 

• This issue does not affect supported editions of Microsoft SQL Server 7.0 Service Pack 4, Microsoft SQL Server 2005 Service Pack 3, and Microsoft SQL Server 2008.

 

• This vulnerability is not exposed anonymously. An attacker would need to either authenticate to exploit the vulnerability or take advantage of a SQL injection vulnerability in a Web application that is able to authenticate.

 

• By default, MSDE 2000 and SQL Server 2005 Express do not allow remote connections. An authenticated attacker would need to initiate the attack locally to exploit the vulnerability.

 

Related Tags

Further Reading: Read and find more Computer Systems news at our Computer Systems news index page.

Do you get our news RSS feed? Get It!

Post a Comment about this news

Latest Tech News Posts

View More News Posts

Latest Downloads

View More Latest Downloads

TweakTown Web Poll

Question: Did EA kill the Battlefield franchise with the terrible BF4 issues?

Yes, Battlefield is doomed

No, Battlefield will live on strong

I'm not sure, but I know EA needs to improve its game

or View the Results

View More Polls

Forum Activity

View More Forum Posts

Press Releases

View More Press Releases
Get TweakTown updates via Facebook!
Just click the "Like" button below