Microsoft raises alarm over SQL server flaw
By Kevin McLaughlin
Dec 29, 2008 9:15 AM
Microsoft says it's aware of exploit code that's circulating online for an unpatched vulnerability in SQL Server, and is looking into the issue.
Microsoft is warning customers of a remote code execution vulnerability affecting certain versions of SQL Server 2000 and SQL Server 2005 that miscreants could use to gain elevated privileges and wreak all kinds of havoc on affected systems.
In a Monday security bulletin, Microsoft said the flaw affects SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine (MSDE 2000), Microsoft SQL Server 2000 Desktop Engine (WMSDE) and Windows Internal Database (WYukon).
Systems running SQL Server 2008, SQL Server 7.0 Service Pack 4 and SQL Server 2005 Service Pack 3 aren't affected, according to Microsoft.
Security researcher Bernhard Mueller of SEC Consulting published details of the SQL Server flaw on Dec. 9, after initially notifying Microsoft of the vulnerability in April.
According to SEC Consulting's advisory, Microsoft claimed to have developed a fix for the issue in September, but didn't offer details on when it would be released.
Mueller's last contact with Microsoft was Sept. 29, and the researcher made three additional attempts to contact the company before going public with the exploit. Microsoft didn't include a fix for the SQL Server flaw in its most recent Patch Tuesday release on Dec. 9.
Microsoft said in the bulletin that it's aware that exploit code for the vulnerability is circulating online, but isn't aware of any active exploits. Microsoft is continuing to investigate, and is advising customers to disable the "sp_replwritetovarbin" procedure as a workaround.
"Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through a service pack, our monthly security update release process or an out-of-cycle security update, depending on customer needs," Microsoft said in the bulletin.
See original article on CRN.com
Copyright (c) 2009 CMP Media LLC
All rights reserved.