As an Amazon Associate, we earn from qualifying purchases. TweakTown may also earn commissions from other affiliate partners at no extra cost to you.
It looks like there is a new Bug in SQL server that can allow for remote detonation of the server. Well ok not detonation but this newly discovered flaw can allow for remote execution of code.
According to MSA (Microsoft Security Advisory)961040, the flaw affects SQL Server 2000, SQL Server 2005 (with SP 2 or lower) SQL Server 2005 Express Edition, MSDE 2000, WMSDE, and Windows Internal Database.
SQL 7.0 With SP4, 2005 with SP3 and SQL Server 2008 are not affected.
Read more here.
Customers who believe that they have been attacked can obtain security support at Get security support and should contact the national law enforcement agency in their country. Customers in the United States can contact Customer Service and Support at no charge using the PC Safety hotline at 1-866-PCSAFETY. Additionally, customers in the United States should contact their local FBI office or report their situation at Internet Crime Complaint Center.
Mitigating Factors:
• This issue does not affect supported editions of Microsoft SQL Server 7.0 Service Pack 4, Microsoft SQL Server 2005 Service Pack 3, and Microsoft SQL Server 2008.
• This vulnerability is not exposed anonymously. An attacker would need to either authenticate to exploit the vulnerability or take advantage of a SQL injection vulnerability in a Web application that is able to authenticate.
• By default, MSDE 2000 and SQL Server 2005 Express do not allow remote connections. An authenticated attacker would need to initiate the attack locally to exploit the vulnerability.
NVIDIA's new GB200 NVL72 AI server: 'highest-power-consuming server in HISTORY' with 132kW TDP
Qualcomm issues response to possible spyware exploit within devices
New server class Kingston FURY Renegade Pro DDR5 memory is all about performance
Blizzard is busy banning Diablo 4 players who used the 'unplug your internet' exploit
Your old iPhone is at risk from a security exploit, download iOS 15.7.4 ASAP
Ocypus unveils a CPU cooler that looks like Tony Stark's heart at Computex 2025
PNY showed us the new RTX PRO 6000 96GB GPU, and it's still somehow a two-slot card
ASRock unveils a first-of-its-kind QHD monitor at Computex 2025
INNO3D put its new GeForce RTX 5090 in an ITX case to play DOOM at 300+ FPS
Phantom Gaming 32-inch QD-OLED 240Hz unveiled at Computex 2025
Corsair Void Wireless v2 Gaming Headset Review - Immersive Sound, All-Day Comfort
Phison Pascari X200Z 3.2TB Enterprise SSD Review - The Ultimate Caching Solution
Solidigm D5-P5336 122.88TB Enterprise SSD Review - High Capacity = High Efficiency
Alienware AW3225DM Gaming Monitor Review - 32-inch QHD 180Hz for $319
GEEKOM A6 Mini PC Review - AMD Ryzen 7 power in a small package
INNO3D GeForce RTX 5060 Ti TWIN X2 16GB Review - Compact, Quiet, Powerful
INNO3D GeForce RTX 5060 Ti TWIN X2 8GB Review - The Lesser RTX 5060 Ti
Sandisk WD_BLACK SN8100 2TB SSD Review - Approaching Optane
Kingston Fury Renegade G5 4TB SSD Review - King for a Day
Orico IG740 Pro 2TB SSD Review - Mass TLC on the Cheap
TweakTown's 2025 CPU Cooler Testing and Methodology Update
How you can become your own Netflix with UGREEN and Seagate
Breathe life into your Socket AM4 system with GIGABYTE's B550 EAGLE WIFI6 motherboard
GIGABYTE X870E Motherboards and AMD Ryzen 9000X3D Processors - A Perfect Match
GIGABYTE's AMD B850 Motherboards Are All PCIe 5.0 Supported and Ready to Unleash Full Potential