NOD32 and Antivirus News
Threat and Security News

Microsoft acknowledges a long-standing SQL Server flaw

Tuesday, December 23. 2008

It wouldn't be the Christmas season without the tinsel, the holly, and the zero-days. Since early this month, an exploitable buffer overflow has been known to exist in SQL Server, and today Microsoft is acknowledging its existence.

In a security bulletin released yesterday, Microsoft is saying a somewhat simply exploitable vulnerability exists in all presently used versions of SQL Server dating back to SS 2000 Service Pack 4. It has to do with a Transactional-SQL (T-SQL) statement which apparently uses a parameter that isn't checked for type.

BetaNews has seen the code for a publicly available exploit based on information uncovered by security engineer Bernhard Mueller, who contributed information to two of the incidents covered by Microsoft's last Patch Tuesday round. Mueller is the good guy in this story; unfortunately, malicious users with no ingenuity of their own rely on news from Mueller and others for their inspiration.

Bookmark with:


Continue reading "Microsoft acknowledges a long-standing SQL Server flaw"

Posted by Justin Payton in Adware, Spyware and Trojans at 11:38

(Page 1 of 1, totalling 1 entries)

NOD32 AntiVirus Products    Products    NOD32 FAQs    FAQs    Buy NOD32 AntiVirus Online    NOD32 4 Students    NOD32 Student and non-profit Discounts    NOD32 4 Non-Profit    NOD32 online purchase    Buy NOD32 Online    nod32 anti-virus

BETTERANTIVIRUS.COM℠ is a US based reseller of Eset Software's NOD32 Solutions
BETTERANTIVIRUS.COM℠ and it's contents is Copyright © - Web Your Business Inc.
BETTERANTIVIRUS.COM℠ & Web Your Business™ are trademarks of Web Your Business Inc.
ESET®, NOD32, ESET Antivirus, Smart Security® Trademark of ESET, LLC
All rights reserved by their respective owners.

Web Site Hosting by AAA Business Hosting