Tuesday, December 23, 2008

0 Day Microsoft SQL Vulnerability

Important News Some of You Might Want to Hear:

 

Microsoft has confirmed the existence of a new and potentially serious security threat to users of its SQL Server database software.
The threat is exploitable software code that hackers could use to access or alter corporate databases built with SQL Server. The malicious code could allow remote code execution - a process by which hackers could, as one example, alter a bank account via remote access.
Microsoft said SQL Server 2000, SQL Server 2005, SQL Server 2005 Express Edition, SQL Server 2000 Desktop Engine, and Windows Internal Database (WYukon) are all vulnerable to the threat.
Microsoft is urging customers who believe they've been targeted by anyone using the vulnerability to contact Microsoft customer service, as well as the Federal Bureau of Investigation and the Internet Crime Complaint Center.
They don't appear to be releasing a patch at this time. There's a shoddy workaround.
http://www.microsoft.com/technet/security/advisory/961040.mspx

 

1 comment:

Thanks for taking a moment to leave a comment! Please keep the language clean. (If you are considering spamming the blog, don't bother. It's going to be deleted anyway.)