- This issue does not affect supported editions of Microsoft SQL Server 7.0 Service Pack 4, Microsoft SQL Server 2005 Service Pack 3, and Microsoft SQL Server 2008.
- This vulnerability is not exposed anonymously. An attacker would need to either authenticate to exploit the vulnerability or take advantage of a SQL injection vulnerability in a Web application that is able to authenticate.
- By default, MSDE 2000 and SQL Server 2005 Express do not allow remote connections. An authenticated attacker would need to initiate the attack locally to exploit the vulnerability.
Oh well, "Keep your passwords to yourself" advice would be more appropiate in that I guess or move to 2008 asap :p
Microsoft Security Advisory (961040) - SQL Server
Posted - 23 December 2008 : 15:02:55
