AOH :: IS1523.HTM

SQL Server vulnerability warning from Microsoft




SQL Server vulnerability warning from Microsoft
SQL Server vulnerability warning from Microsoft



http://software.silicon.com/os/0,39024651,39368848,00.htm 

By Steven Musil
silicon.com
23 December 2008

Microsoft has issued an advisory confirming a remote code execution 
vulnerability affecting its SQL Server line.

The vulnerability affects Microsoft SQL Server 2000, Microsoft SQL 
Server 2005, Microsoft SQL Server 2005 Express Edition, Microsoft SQL 
Server 2000 Desktop Engine (MSDE 2000), Microsoft SQL Server 2000 
Desktop Engine (WMSDE), and Windows Internal Database (WYukon). 
Microsoft said systems with Microsoft SQL Server 7.0 Service Pack 4, 
Microsoft SQL Server 2005 Service Pack 3, and Microsoft SQL Server 2008 
are not affected by this issue.

Microsoft's advisory said: "Microsoft is aware that exploit code has 
been published on the internet for the vulnerability addressed by this 
advisory. Our investigation of this exploit code has verified that it 
does not affect systems that have had the workarounds listed below 
applied. Currently, Microsoft is not aware of active attacks that use 
this exploit code or of customer impact at this time."

"In addition, due to the mitigating factors for default installations of 
MSDE 2000 and SQL Server 2005 Express, Microsoft is not currently aware 
of any third-party applications that use MSDE 2000 or SQL Server 2005 
Express which would be vulnerable to remote attack. However, Microsoft 
is actively monitoring this situation to provide customer guidance as 
necessary."

Microsoft said it was unaware of any active attacks utilising the 
exploit code.

The advisory comes less than a week after Microsoft released a critical 
security patch to plug vulnerabilities in Internet Explorer amid 
malicious attackers taking advantage of the security flaws.


_______________________________________________      
Help InfoSecNews.org with a donation!
http://www.infosecnews.org/donate.html 

Site design & layout copyright © 1986-2014 CodeGods