
Microsoft Raises Alarm Over SQL Server Flaw

By Kevin McLaughlin, CRN
December 23, 2008    4:22 PM ET

Microsoft is warning customers of a remote code execution vulnerability affecting certain versions of SQL Server 2000 and SQL Server 2005 that miscreants could use to gain elevated privileges and wreak all kinds of havoc on affected systems.

In a Monday security bulletin, Microsoft said the flaw affects SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine (MSDE 2000), Microsoft SQL Server 2000 Desktop Engine (WMSDE) and Windows Internal Database (WYukon).

Systems running SQL Server 2008, SQL Server 7.0 Service Pack 4 and SQL Server 2005 Service Pack 3 aren't affected, according to Microsoft.

Security researcher Bernhard Mueller of SEC Consulting published details of the SQL Server flaw on Dec. 9, after initially notifying Microsoft of the vulnerability in April.

According to SEC Consulting's advisory, Microsoft claimed to have developed a fix for the issue in September, but didn't offer details on when it would be released.

Mueller's last contact with Microsoft was Sept. 29, and the researcher made three additional attempts to contact the company before going public with the exploit. Microsoft didn't include a fix for the SQL Server flaw in its most recent Patch Tuesday release on Dec. 9.

Microsoft said in the bulletin that it's aware that exploit code for the vulnerability is circulating online, but isn't aware of any active exploits. Microsoft is continuing to investigate, and is advising customers to disable the "sp_replwritetovarbin" procedure as a workaround.
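As an added illustration (not from the article, and not Microsoft's own published script), the following T-SQL shows one way to apply the workaround the article describes, denying execution of sp_replwritetovarbin to the public role, and to verify the resulting permission state before and after the change. It assumes the procedure is defined in the master database, that the script runs under a sysadmin login, and that the server is one of the affected SQL Server 2000/2005 builds. Denying the procedure is a mitigation, not a patch: anything on the server that legitimately calls it will stop working, so test on a non-production instance first and plan to apply the vendor update once it ships.

```sql
-- Added example: restrict sp_replwritetovarbin as an interim workaround.
-- Assumption: the procedure is defined in master on the affected versions.
USE master;
GO

-- Baseline: confirm the procedure exists and list any explicit
-- permissions currently set on it (class = 1 means object permissions).
SELECT  o.name              AS procedure_name,
        dp.state_desc       AS permission_state,   -- GRANT / DENY, or NULL if none set
        dp.permission_name  AS permission,
        pr.name             AS grantee
FROM    sys.objects AS o
LEFT JOIN sys.database_permissions AS dp
        ON dp.major_id = o.object_id AND dp.class = 1
LEFT JOIN sys.database_principals AS pr
        ON pr.principal_id = dp.grantee_principal_id
WHERE   o.name = 'sp_replwritetovarbin';
GO

-- Workaround: every login is a member of public, so a DENY here blocks
-- ordinary (non-sysadmin) users from invoking the procedure.
DENY EXECUTE ON sp_replwritetovarbin TO public;
GO

-- Verification: the same query should now return a row with
-- permission_state = 'DENY', permission = 'EXECUTE', grantee = 'public'.
SELECT  o.name              AS procedure_name,
        dp.state_desc       AS permission_state,
        dp.permission_name  AS permission,
        pr.name             AS grantee
FROM    sys.objects AS o
JOIN    sys.database_permissions AS dp
        ON dp.major_id = o.object_id AND dp.class = 1
JOIN    sys.database_principals AS pr
        ON pr.principal_id = dp.grantee_principal_id
WHERE   o.name = 'sp_replwritetovarbin';
GO
```

The DENY does not bind members of the sysadmin fixed server role, who bypass object permission checks entirely, so the workaround reduces exposure from lower-privileged connections rather than eliminating the flaw. To roll it back once the fix is installed, issue `REVOKE EXECUTE ON sp_replwritetovarbin TO public;` in master.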

"Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through a service pack, our monthly security update release process or an out-of-cycle security update, depending on customer needs," Microsoft said in the bulletin.
