Jump to content
The Inquirer-Home
Chips > Server

SQL Server vulnerability warning

Vole issues workarounds
By Nick Farrell
Tuesday, 23 December 2008, 12:57

SOFTWARE GIANT Microsoft has warned that there is a SQL Server vulnerability out there that allows an attacker to bring down the server remotely.

Exploit code has already appeared online to target the flaw, which allows remote code execution.

The glitch affects SQL Server 2000, SQL Server 2005, SQL Server 2005 Express Edition, SQL Server 2000 Desktop Engine, SQL Server 2000 Desktop Engine, and Windows Internal Database.

A spokesvole said systems with SQL Server 7.0 Service Pack 4, SQL Server 2005 Service Pack 3, and SQL Server 2008 are not affected.

According to the Vole's advisory, exploit code for the vulnerability has been published on the Internet but it hasn't seen that used in earnest yet. µ

 

Share this:

< Previous article| Next article >
Comments
Note

"The Vole advises people to turn off their computers and play Monopoly."

lol Vole ... monopoly.
Even my subconscious jokes around at full speed.

posted by : John, 23 December 2008 Complain about this comment
I read somewhere else

that Microbloat knew about this for some time. Customized Unix for the big ones or Linux for smaller ones should be the platforms for all servers. I love my Mac but don't think it should be out there running critical server systems. Set a customized Unix system in place and there is little need to ever upgrade it unlike the the daily updates from the Bloatware company.

posted by : Regulas, 23 December 2008 Complain about this comment
Attention people that don't know what a patch is, or how to or care to read...

So, what you're saying is that the fix was published long before the vulnerability was out there? I'm reading this as "Hey, if you're using un-patched software, you're at risk of this exploit", kind of like "If you turned your anti-virus update off, you're at risk for new viruses..."
If you noticed, the latest SERVICE PACK fixed the problem for SQL 2000, 2005, and all of SQL 2008. That means, the exploit being talked about here is old news because all the latest versions of software have this hole plugged up. Okay, let me try your reporting approach for myself...

LATE BREAKING NEWS BULLETIN:
Windows 95 has severe exploits in it!
If you are not using the latest service pack for Windows 95, there is a serious exploit out there...

but i digress.

posted by : Max Weber, 23 December 2008 Complain about this comment
@Max Weber, it's not patched, please re-read the MS page.

Dear Max and MS Users,

It's not patched as of 22nd Dec 2008, except for 2005 and 2008 versions if service packs are applied. Any of the older versions are unpatched at present.

I expect this means that Windows Server2003 and it's SQL products are affected, which could be a large problem.

Does it also affect SQL in Access?

posted by : interested_party, 24 December 2008 Complain about this comment
Advertisement
Subscribe to the INQ Newsletter
Sign-up for the INQBot weekly newsletter
Click here to sign up Existing user
INQ Whitepapers

Business Intelligence Software

Customer Relationship Management (CRM)

Enterprise Accounting Software

Enterprise Resource Planning (ERP)

Enterprise Systems Management

Jobs
Powered by INQJOBS
Advertisement
INQ Poll

Browsers

Who will win the next round of browser wars?

View other polls
Follow us:
Business & Technology websites:
Business research resources:
Products:
Investment Market IT websites:
Find out what you are worth:
Search for a job: