Home / / Microsoft issues warning on SQL vulnerability

Microsoft issues warning on SQL vulnerability

Microsoft says it is investigating vulnerability that could leave some versions of SQL open to attack

Microsoft is warning of a potential security vulnerability that threatens users of its SQL database.

The vulnerability could allow attackers to remotely execute code on older versions of the popular database product.

Microsoft says that it has been investigating the vulnerability since April, and although there have been no known exploits as of yet, the company has not decided whether any fix will take the form of an update in a service pack, a patch released as part of the regular schedule of fixes, or a specially released patch.

The affected versions of SQL include SQL Server 2000, SQL Server 2005, SQL Server 2005 Express Edition, SQL Server 2000 Desktop Engine, and Windows Internal Database (WYukon).

In the absence of a patch, Microsoft recommends using a work around that will deny permissions to the SQL procedure that can be used to trigger the bug, and has released a script to automate that work around.

For more information, see the Microsoft security advisory here.

Follow us to get the most comprehensive technology news in UAE delivered fresh from our social media accounts on Facebook, Twitter, Youtube, and listen to our Weekly Podcast. Click here to sign up for our weekly newsletter on curated technology news in the Middle East and Worldwide.

REGISTER NOW | Webinar Event | Security you can bank on – Safeguarding the Middle East’s financial sector

Presented in partnership with security and network specialist Cybereason, the second in the three part webinar series will bring together a panel of experts to discuss how banks and financial institutions are evolving their service offering while simultaneously staying one step ahead of the cyber criminals who seek to bring their operations crashing to the ground.