Microsoft has confirmed the existence of a new and potentially serious security threat to users of its SQL Server database software. "Microsoft is aware that exploit code has been published on the Internet for the vulnerability addressed by this advisory," the company said in a bulletin published Monday.
The threat is essentially software code that hackers could use to access or alter corporate databases built with SQL Server. The malicious code could allow what's known in IT security as remote code execution, a process by which hackers could, for instance, alter figures in a bank account without ever setting foot on the bank's premises.

Privilege escalation, From local network
So it would be from a trusted/authenticated user who either is malicious or is 'socially engineered' into running exploit code.
Needs to get patched, as it is important, but at least this isn't remotely and anonymously executable.
"The threat does not affect SQL Server 7.0 Service Pack 4, SQL Server 2005 Service Pack 3, or SQL Server 2008, Microsoft said. "
So just upgrade to the newest SQL version (200
Yeah, just remember that users are often idiots
I've seen a case of a product written for someone where they log in using SQL Server credentials and the only login it accepts is 'SA'.
that sounds good if it is your own acc
just a couple of more 0's on the end
Yeah, because typically, banks will have their database machines directly accessible off their web site...