Microsoft Acknowledges Critical SQL Server Flaw

December 23rd, 2008 | Category: Tech Talk

Microsoft is investigating new public reports of a vulnerability that could allow remote-code execution on systems with supported editions of its Microsoft SQL Server products.

Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine, Microsoft SQL Server 2000 Desktop Engine, and Windows Internal Database are affected. Systems with Microsoft SQL Server 7.0 Service Pack 4, Microsoft SQL Server 2005 Service Pack 3, and Microsoft SQL Server 2008 are

not affected by that issue.

“Microsoft is aware that exploit cipher has been published on the World Wide Web for the vulnerability addressed by that advisory,” Microsoft said in its protection advisory. “Currently, Microsoft is not aware of active attacks that use that exploit cipher or of customer impact at that instance.”


Alerting All Database Admins

According to Wolfgang Kandek, CTO of Qualys, the vulnerability in Microsoft’s SQL Server product is […]

Orginal post by dhiram

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Netvouz
  • DZone
  • ThisNext
  • MisterWong
  • Wists
Related Articles
  • Patch Tuesday Increases Workload for IT Pros
  • Microsoft Warning Not Heeded
  • Patch Tuesday Light, But protection Fixes Are Critical
  • Microsoft Patches Critical Windows TCP Flaw
  • DNS protection Flaw Leaked Before Patches Applied
  • Microsoft Fixes Three Bugs in First 2009 Patch Tuesday
  • Patch Tuesday Offers Four Fixes for Eight Vulnerabilities
  • Apple Finally Releases DNS Patch for Mac OS X
  • Patch Tuesday Addresses Eight Critical Vulnerabilities
  • Patch Tuesday Will Challenge IT with Core Updates

    • No comments yet. Be the first.

    Leave a reply