Microsoft Warns of Serious MS-SQL 2000 & 2005 Vulnerability

Outsmart Malicious Hackers


Another big flaw has been discovered in Microsoft software just a few days after they broke their patch cycle to issue a patch for the IE bug that allowed remote code execution.

This time however it doesn’t really effect home users or the general consumer, it’s a more specific server side vulnerability affecting Microsoft SQL Server 2000 and 2005 versions. It seems pretty serious though as it also appears that this vulnerability if exploited properly could lead to remote code execution.

Just days after patching a critical flaw in its Internet Explorer browser, Microsoft is now warning users of a serious bug in its SQL Server database software. Microsoft issued a security advisory late Monday, saying that the bug could be exploited to run unauthorized software on systems running versions of Microsoft SQL Server 2000 and SQL Server 2005.

Attack code that exploits the bug has been published, but Microsoft said that it has not yet seen this code used in online attacks. Database servers could be attacked using this flaw if the criminals somehow found a way to log onto the system, and Web applications that suffered from relatively common SQL injection bugs could be used as stepping stones to attack the back-end database, Microsoft said.

Desktop users running the Microsoft SQL Server 2000 Desktop Engine or SQL Server 2005 Express could be at risk in some circumstances, Microsoft said.

Again I wonder how far behind the curve Microsoft is with this? Usually these kind of bugs have been discovered by the more malicious parties way before Microsoft has any idea that their software is vulnerable.

It claims that the code hasn’t been used in online attacks, but honestly if it was used well by a smart party who would even know? SQL injection could lead to this attack being executed and the code is published online so I find it unlikely that it hasn’t been used.

The bug lies in a stored procedure called “sp_replwritetovarbin,” which is used by Microsoft’s software when it replicates database transactions. It was publicly disclosed on December 9 by SEC Consult Vulnerability Lab, which said it had notified Microsoft of the issue in April.

“Systems with Microsoft SQL Server 7.0 Service Pack 4, Microsoft SQL Server 2005 Service Pack 3, and Microsoft SQL Server 2008 are not affected by this issue,” Microsoft said in its advisory.

This is the third serious bug in Microsoft’s software to be disclosed in the past month, but it is unlikely to be used in widespread attacks, according to Marc Maiffret, director of professional services, with The DigiTrust Group, a security consulting firm. “It is rather low risk given other vulnerabilities that exist,” he said via instant message. “There are a lot of better ways to currently compromise windows systems.”

The bug was discovered by someone in April this year, so that’s at least 7 months someone has known about it..but only know when the vendor discloses it then Microsoft chooses to say something about it.

It is a fairly low risk vulnerability due to the requirements needed to execute it effectively, but still it’s another chink in the Microsoft armour to add to the (long long) list.

Source: Network World

Posted in: Database Hacking, Exploits/Vulnerabilities, Windows Hacking

, , , , ,


Latest Posts:


snallygaster - Scan For Secret Files On HTTP Servers snallygaster – Scan For Secret Files On HTTP Servers
snallygaster is a Python-based tool that can help you to scan for secret files on HTTP servers, files that are accessible that shouldn't be public and can pose a s
Portspoof - Spoof All Ports Open & Emulate Valid Services Portspoof – Spoof All Ports Open & Emulate Valid Services
The primary goal of the Portspoof program is to enhance your system security through a set of new camouflage techniques which spoof all ports open and also emulate valid services on every port.
Cambridge Analytica Facebook Data Scandal Cambridge Analytica Facebook Data Scandal
One of the biggest stories of the year so far has been the scandal surrounding Cambridge Analytica that came out after a Channel 4 expose that demonstrated the depths they are willing to go to profile voters, manipulate elections and much more.
GetAltName - Discover Sub-Domains From SSL Certificates GetAltName – Discover Sub-Domains From SSL Certificates
GetAltName it's a little script to discover sub-domains that can extract Subject Alt Names for SSL Certificates directly from HTTPS websites which can provide you with DNS names or virtual servers.
Memcrashed - Memcached DDoS Exploit Tool Memcrashed – Memcached DDoS Exploit Tool
Memcrashed is a Memcached DDoS exploit tool written in Python that allows you to send forged UDP packets to a list of Memcached servers obtained from Shodan.
QualysGuard - Vulnerability Management Tool QualysGuard – Vulnerability Management Tool
QualysGuard is a web-based vulnerability management tool provided by Qualys, Inc, which was the first company to deliver vulnerability management services as a SaaS-based web-service.


2 Responses to Microsoft Warns of Serious MS-SQL 2000 & 2005 Vulnerability

  1. navin December 23, 2008 at 3:07 pm #

    I’d read about this a few weeks back on an underground forum and a few haxors claimed tht they had exploited it successfully….but I din’t know it had been discovered in April!! 7 whole months…sheesh!!

  2. Bogwitch December 24, 2008 at 12:31 am #

    I’m all for responsible disclosure but I’m not sure that SEC Consult Vulnerability Lab has acted responsibly in this case.
    They should have forced Microsoft’s hand way earlier than this, seven months is an unacceptable delay.

    There also seems to be a disconnect here…
    To quote: Marc Maiffret, director of professional services, with The DigiTrust Group, a security consulting firm.