ITPRO

Printed from www.itpro.co.uk

Register to receive our regular email newsletter at http://www.itpro.co.uk/reg/register.

The newsletter contains links to our latest IT news, product reviews, features and how-to guides, plus special offers and competitions.

Skip to navigation

    Security hole found in Microsoft's SQL Server

More toil for the already over-worked Microsoft security team, as SQL Server is the latest product be hit by issues.

By Asavin Wattanajantra, 23 Dec 2008 at 12:36

Microsoft has warned about another critical vulnerability, this time affecting SQL Server.

The company said that it is investigating reports of a vulnerability which allows remote code execution on systems with versions of Microsoft SQL Server 2000, 2005, 2005 Express Edition, 2000 Desktop Engine, 2000 Desktop Engine, and Windows Internal Database (WYukon).

It added that systems with newer versions, such as Microsoft SQL Server 7.0 Service Pack 4, 2005 Service Pack 3, and Server 2008, were not affected by this issue.

Exploit code has already been published on the internet for the vulnerability, but Microsoft says that it won't have any affect if workarounds listed in its advisory are followed.

The software giant also said that it was currently unaware of any attacks which were using the exploit code.

The advisory stated: “Upon completion of the investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through a service pack, our monthly security update release process, or an out-of-cycle security update, depending on customer needs.”

Microsoft stated that the vulnerability could not be exposed anonymously. An attacker would need to authenticate to exploit the vulnerability, or take advantage of a SQL injection vulnerability in a web application that is able to authenticate.

The warning comes only a week after a huge security hole in Internet Explorer was patched up.

Email to a friend

Print this page

Social Bookmark this article: What is this?

Add to: DiggDigg
Add to: Del.icio.usDelicious
Add to: RedditReddit
Add to: StumbleUponStumbleUpon
Add to: SlashdotSlashdot
Add to: GoogleGoogle
Add to: FacebbokFacebook

Be the first to comment on this article

You need to Login or Register to comment.

    Related stories

    Related Tags

vulnerability SQL Server SQL injection flaw vulnerabilities patch Internet Explorer security Microsoft
advertisement

    Latest Security Features

Who should be Britain’s cyber security czar?

Experts reveal what a UK head of cyber security would need to do, while we put forward possible candidates for the role.

Read more

 

More Security Features

    Latest Security Reviews

HP BladeSystem c3000

HP BladeSystem c3000 review: blade server

Rating: 5

Built like a tank and not weighing much less, Dave is relieved that this floor standing ‘data-centre in a box’, comes on wheels.

Read more

 

More Security Reviews

advertisement

    Latest News Videos in Security

Eugene Kaspersky

Video: Mobile security threats and Mac complacency

Play Video: Mobile security threats and Mac complacency   Play

Part two: Eugene Kaspersky, chief executive and founder of Kaspersky Lab, talks about the increasing security threats mobile users are facing.

 

    Blogs

The problem with the Palm Pre

Read more

 

    Whitepapers

Want more background on today's hottest IT trends?

Visit IT PRO's whitepaper library for more on virtualisation, encryption and other topics.

    Register for IT PRO

You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.

Register
Advertisement