{"id":1337,"date":"2008-12-23T12:45:42","date_gmt":"2008-12-23T12:45:42","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=1337"},"modified":"2015-09-09T19:39:07","modified_gmt":"2015-09-09T11:39:07","slug":"microsoft-warns-of-serious-ms-sql-2000-2005-vulnerability","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2008\/12\/microsoft-warns-of-serious-ms-sql-2000-2005-vulnerability\/","title":{"rendered":"Microsoft Warns of Serious MS-SQL 2000 & 2005 Vulnerability"},"content":{"rendered":"
[ad]<\/p>\n
Another big flaw has been discovered in Microsoft software just a few days after they broke their patch cycle to issue a patch<\/a> for the IE bug that allowed remote code execution<\/a>.<\/p>\n This time however it doesn’t really effect home users or the general consumer, it’s a more specific server side vulnerability affecting Microsoft SQL Server 2000 and 2005 versions. It seems pretty serious though as it also appears that this vulnerability if exploited properly could lead to remote code execution.<\/p>\n Just days after patching a critical flaw in its Internet Explorer browser, Microsoft is now warning users of a serious bug in its SQL Server database software. Microsoft issued a security advisory late Monday, saying that the bug could be exploited to run unauthorized software on systems running versions of Microsoft SQL Server 2000 and SQL Server 2005.<\/p>\n Attack code that exploits the bug has been published, but Microsoft said that it has not yet seen this code used in online attacks. Database servers could be attacked using this flaw if the criminals somehow found a way to log onto the system, and Web applications that suffered from relatively common SQL injection bugs could be used as stepping stones to attack the back-end database, Microsoft said.<\/p>\n Desktop users running the Microsoft SQL Server 2000 Desktop Engine or SQL Server 2005 Express could be at risk in some circumstances, Microsoft said. <\/p><\/blockquote>\n Again I wonder how far behind the curve Microsoft is with this? Usually these kind of bugs have been discovered by the more malicious parties way before Microsoft has any idea that their software is vulnerable.<\/p>\n