| T O P I C R E V I E W |
| RichardKinser |
Posted - 23 December 2008 : 15:02:55
Microsoft Security Advisory (961040)
Vulnerability in SQL Server Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/961040.mspx< |
| 2 L A T E S T R E P L I E S (Newest First) |
| MarcelG |
Posted - 24 December 2008 : 04:13:04
Mmm, just when I migrate to SQL2000 this thing comes out... 
Well, let's hope my provider takes the appropriate measures.
Thanks for posting this Richard.< |
| SiSL |
Posted - 23 December 2008 : 18:13:05
- This issue does not affect supported editions of Microsoft SQL Server 7.0 Service Pack 4, Microsoft SQL Server 2005 Service Pack 3, and Microsoft SQL Server 2008.
- This vulnerability is not exposed anonymously. An attacker would need to either authenticate to exploit the vulnerability or take advantage of a SQL injection vulnerability in a Web application that is able to authenticate.
- By default, MSDE 2000 and SQL Server 2005 Express do not allow remote connections. An authenticated attacker would need to initiate the attack locally to exploit the vulnerability.
Oh well, "Keep your passwords to yourself" advice would be more appropiate in that I guess or move to 2008 asap :p
< |
|
|
