Microsoft Admits New SQL Server Vulnerability - 23 Dec 2008

Remote code execution possible

A security vulnerability in SQL Server could allow the remote execution of code, Microsoft said Tuesday. The vulnerability affects SQL Server 2005, SQL Server 2005 Express Edition, SQL Server 2000, SQL Server 2000 Desktop Engine (MSDE 2000), SQL Server 2000 Desktop Engine (WMSDE), and Windows Internal Database (WYukon). The company says that an attacker would need to either authenticate to exploit the vulnerability or take advantage of a SQL injection vulnerability in a web application that's able to authenticate. See more information at Microsoft's website.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish