Security pros groan as zero-day hits Microsoft's SQL Server

Friday Dec 12th 2008 by DatabaseJournal.com Staff
Share:

Yet another zero-day vulnerability has been identified in a popular Microsoft product, this time in its SQL Server database.

[From The Register]

Yet another zero-day vulnerability has been identified in a popular Microsoft product, this time in its SQL Server database. The revelation comes as miscreants are stepping up attacks on a particularly nasty bug in the latest version of Internet Explorer.

The SQL Server bug could allow the remote execution of malicious code, according to researchers at Austria-based SEC Consult. The company said attackers exploiting the flaw would have to be authenticated users on the system, a requirement that a Microsoft spokesman also said minimizes the risk. But an SEC Consult advisory warned it's still possible for outsiders to target the vulnerability remotely on websites that link search boxes, customer data bases or other web apps to SQL Server.

The article continues at http://www.theregister.co.uk/2008/12/11/sql_server_vuln/

Share:
Home
Mobile Site | Full Site
Copyright 2017 © QuinStreet Inc. All Rights Reserved