Microsoft issues warning on SQL vulnerability
Microsoft says it is investigating vulnerability that could leave some versions of SQL open to attack
Microsoft is warning of a potential security vulnerability that threatens users of its SQL database.
The vulnerability could allow attackers to remotely execute code on older versions of the popular database product.
Microsoft says that it has been investigating the vulnerability since April, and although there have been no known exploits as of yet, the company has not decided whether any fix will take the form of an update in a service pack, a patch released as part of the regular schedule of fixes, or a specially released patch.
The affected versions of SQL include SQL Server 2000, SQL Server 2005, SQL Server 2005 Express Edition, SQL Server 2000 Desktop Engine, and Windows Internal Database (WYukon).
In the absence of a patch, Microsoft recommends using a work around that will deny permissions to the SQL procedure that can be used to trigger the bug, and has released a script to automate that work around.
For more information, see the Microsoft security advisory here.