Comments on: Microsoft Warns of Serious MS-SQL 2000 & 2005 Vulnerability http://www.darknet.org.uk/2008/12/microsoft-warns-of-serious-ms-sql-2000-2005-vulnerability/ Ethical Hacking, Penetration Testing & Computer Security Sat, 21 Nov 2009 06:04:59 +0000 http://wordpress.org/?v=2.8.6 hourly 1 By: Bogwitch http://www.darknet.org.uk/2008/12/microsoft-warns-of-serious-ms-sql-2000-2005-vulnerability/#comment-125282 Bogwitch Wed, 24 Dec 2008 00:31:14 +0000 http://www.darknet.org.uk/?p=1337#comment-125282 I'm all for responsible disclosure but I'm not sure that SEC Consult Vulnerability Lab has acted responsibly in this case. They should have forced Microsoft's hand way earlier than this, seven months is an unacceptable delay. There also seems to be a disconnect here... To quote: Marc Maiffret, director of professional services, with The DigiTrust Group, a security consulting firm. “It is rather low risk given other vulnerabilities that exist,” If the vulnerability allows the execution of remote code, I don't see this as low risk. I’m all for responsible disclosure but I’m not sure that SEC Consult Vulnerability Lab has acted responsibly in this case.
They should have forced Microsoft’s hand way earlier than this, seven months is an unacceptable delay.

There also seems to be a disconnect here…
To quote: Marc Maiffret, director of professional services, with The DigiTrust Group, a security consulting firm. “It is rather low risk given other vulnerabilities that exist,”

If the vulnerability allows the execution of remote code, I don’t see this as low risk.

]]> By: navin http://www.darknet.org.uk/2008/12/microsoft-warns-of-serious-ms-sql-2000-2005-vulnerability/#comment-125277 navin Tue, 23 Dec 2008 15:07:01 +0000 http://www.darknet.org.uk/?p=1337#comment-125277 I'd read about this a few weeks back on an underground forum and a few haxors claimed tht they had exploited it successfully....but I din't know it had been discovered in April!! 7 whole months...sheesh!! I’d read about this a few weeks back on an underground forum and a few haxors claimed tht they had exploited it successfully….but I din’t know it had been discovered in April!! 7 whole months…sheesh!!

]]>