The Forum has been Updated
The code has been upgraded to the latest .NET core version. Please check instructions in the Community Announcements about migrating your account.
Microsoft Security Advisory (961040)
Vulnerability in SQL Server Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/961040.mspx<
Vulnerability in SQL Server Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/961040.mspx<
Posted
- This issue does not affect supported editions of Microsoft SQL Server 7.0 Service Pack 4, Microsoft SQL Server 2005 Service Pack 3, and Microsoft SQL Server 2008.
- This vulnerability is not exposed anonymously. An attacker would need to either authenticate to exploit the vulnerability or take advantage of a SQL injection vulnerability in a Web application that is able to authenticate.
- By default, MSDE 2000 and SQL Server 2005 Express do not allow remote connections. An authenticated attacker would need to initiate the attack locally to exploit the vulnerability.
Oh well, "Keep your passwords to yourself" advice would be more appropiate in that I guess or move to 2008 asap :p
<
- This vulnerability is not exposed anonymously. An attacker would need to either authenticate to exploit the vulnerability or take advantage of a SQL injection vulnerability in a Web application that is able to authenticate.
- By default, MSDE 2000 and SQL Server 2005 Express do not allow remote connections. An authenticated attacker would need to initiate the attack locally to exploit the vulnerability.
Oh well, "Keep your passwords to yourself" advice would be more appropiate in that I guess or move to 2008 asap :p
<
Posted
Mmm, just when I migrate to SQL2000 this thing comes out... 
Well, let's hope my provider takes the appropriate measures.
Thanks for posting this Richard.<
Well, let's hope my provider takes the appropriate measures.
Thanks for posting this Richard.<