Welcome to dbFreaks.com!
FAQFAQ    SearchSearch      ProfileProfile    Private MessagesPrivate Messages   Log inLog in

New SQLServer threat

  
   Database Help (Home) -> Security RSS
Next:  MySQL settings in PHP file - Help needed  
Author Message
Abba

External


Since: Nov 13, 2008
Posts: 49



(Msg. 1) Posted: Fri Dec 26, 2008 3:25 am
Post subject: New SQLServer threat
Archived from groups: microsoft>public>sqlserver>security, others (more info?)
Hello,

Has anyone installed this? Anything to watch out for?

http://www.informationweek.com/news/security/attacks/showArticle.jhtml...ticleID

TIA,
Abba

 >> Stay informed about: New SQLServer threat 
Back to top
Login to vote
Jonathan Kehayias

External


Since: Nov 22, 2008
Posts: 28



(Msg. 2) Posted: Fri Dec 26, 2008 11:56 am
Post subject: Re: New SQLServer threat [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Which one of the service packs are you asking about and for which version of
SQL Server?

--
Jonathan Kehayias
SQL Server MVP
http://jmkehayias.blogspot.com
http://www.sqlclr.net


"Abba" wrote in message

> Hello,
>
> Has anyone installed this? Anything to watch out for?
>
> http://www.informationweek.com/news/security/attacks/showArticle.jhtml...ticleID
>
> TIA,
> Abba
>
>
>

 >> Stay informed about: New SQLServer threat 
Back to top
Login to vote
Aaron Bertrand [SQL Serve

External


Since: Jan 10, 2008
Posts: 2166



(Msg. 3) Posted: Fri Dec 26, 2008 12:09 pm
Post subject: Re: New SQLServer threat [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
You should read the actual advisory instead of the vague hype:

http://www.microsoft.com/technet/security/advisory/961040.mspx




On 12/26/08 2:16 AM, in article ul5CSoyZJHA.1336.TakeThisOut@TK2MSFTNGP02.phx.gbl,
"Abba" wrote:

> Hello,
>
> Has anyone installed this? Anything to watch out for?
>
> http://www.informationweek.com/news/security/attacks/showArticle.jhtml?article
> ID=212501876
>
> TIA,
> Abba
>
>
>
 >> Stay informed about: New SQLServer threat 
Back to top
Login to vote
Hugo Kornelis

External


Since: Jan 11, 2008
Posts: 440



(Msg. 4) Posted: Fri Dec 26, 2008 5:25 pm
Post subject: Re: New SQLServer threat [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
On Fri, 26 Dec 2008 12:46:33 +0530, Abba wrote:

>Hello,
>
>Has anyone installed this? Anything to watch out for?
>
>http://www.informationweek.com/news/security/attacks/showArticle.jhtml?articleID=212501876

Hi Abba,

If "this" refers to the latest service packs for any SQL Server service
you have running, than I guess that most companies will have them
installed or are in the process of preparing. I'd hope that any
self-respecting business will implement every service pack as soon as
possible after it is released.

As to the so-called vulnerability described, I wouldn't worry about
that. An attacker can only take advantage of it if he is already in the
system (either by authenticating or by taking advantage of a SQL
injection weakness). To me, it sounds as warning people that you expose
your house to burglars if you keep the keys in your house after locking
the door.

--
Hugo Kornelis, SQL Server MVP
My SQL Server blog: http://sqlblog.com/blogs/hugo_kornelis
 >> Stay informed about: New SQLServer threat 
Back to top
Login to vote
James Matthews

External


Since: Dec 30, 2008
Posts: 2



(Msg. 5) Posted: Wed Mar 18, 2009 3:25 pm
Post subject: Re: New SQLServer threat [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
I found that running windows 2008 patched this...

--

http://www.astorandblack.com/
"Abba" wrote in message

> Hello,
>
> Has anyone installed this? Anything to watch out for?
>
> http://www.informationweek.com/news/security/attacks/showArticle.jhtml...ticleID
>
> TIA,
> Abba
>
>
>
 >> Stay informed about: New SQLServer threat 
Back to top
Login to vote
Display posts from previous:   
Related Topics:
'Crosspost' Structure a New App (SQLServer C# - Security &.. - Hi Folks - first off, apologies for the cross post but I'm not really sure which group would be most appropriate for these questions - no offence intended! Porting an app from MS Access to VS with C# and SQLServer, I've come across a few design..

lastmodified - Hi, Can someone provide me a simple trigger where it updates a lastmodified column. It should update the column lastmodified whenever an update occurs on all the other columns. Thnx

sql agent service - I have SQL Server 2000 and I want to setup up SQL Server Agent as an automatic service, although I am not seeing it as an available service....how can I add the SQL Server Agent as a service?

db access - I have connected to our group's sql 2000 server with NT authentication but was not expecting it to work. I was not expecting it to work because it's in a different domain that my nt account, although I have the same nt account name in both domains..

Sudden failure to connect to remote SQL Server from Enterp.. - A remote SQL Server has been in my local SQL Server Group for almost two years now and everything has worked fine, but starting this afternoon I have been unable to connect to it; the error message I get is "SQL Server does not exist or access de...
   Database Help (Home) -> Security All times are: Pacific Time (US & Canada)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You can edit your posts in this forum
You can delete your posts in this forum
You can vote in polls in this forum



[ Contact us | Terms of Service/Privacy Policy ]