MS Issues Critical SQL Server Flaw Warning
silent wire writes "ZDNet is reporting on a pre-patch security advisory from Microsoft warning about an unpatched remote code execution vulnerability affecting its SQL Server line. Exploit code is publicly available so affected users should pay special attention to the workarounds from Microsoft."
Happy Holidays! Now go patch the server.
It is important to note that this isn't exploitable unless all of the following are true:
You are flat out wrong, on all three points, along with the idiots who modded you insightful. RTFA.
1. The database server is not patched (and the patches are not new).
There is no patch! The only workaround is to disable execution of an extended stored procedure. Maybe you should read the line that says:
"Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our security update release process."
Now, some versions of SQL Server are not affected at all by this bug, which is different from a patch being available.
2. Someone is able to connect directly to the database server.
Or they get something else to run this extended stored procedure. Since this is normally regarded as harmless, it's easier than you think.
3. That someone authenticates using a privileged user.
No! In SQL Server, there are many things that ANY user can use by default, like SELECT GETDATE() which returns the system date & time. By default, this extended stored procedure, sp_replwritetovarbin, can be executed by ANY user.
This will be exploited only in the situation where the DBA is a complete and total moron of the highest degree.
You know, I think it's a good idea when the DBAs can actually read and understand what they are reading.
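The workaround and the default permission discussed in the comment above, as an added example that is not part of the thread or of Microsoft's advisory: a T-SQL check of who may execute sp_replwritetovarbin, followed by a DENY to public and a verification step. It assumes the SQL Server 2005 catalog views (sys.database_permissions, sys.database_principals), a sysadmin login, and that denying EXECUTE to public is how "disable execution" is carried out.

```sql
-- Added example: audit and restrict EXECUTE on sp_replwritetovarbin.
-- Assumptions: SQL Server 2005 catalog views, run as a sysadmin.
USE master;
GO

-- 1. List every principal with an explicit GRANT or DENY of EXECUTE
--    on the procedure. A GRANT row for "public" means any user can call it.
SELECT pr.name            AS principal_name,
       pe.state_desc      AS permission_state,   -- GRANT or DENY
       pe.permission_name
FROM   sys.database_permissions AS pe
JOIN   sys.database_principals  AS pr
       ON pr.principal_id = pe.grantee_principal_id
WHERE  pe.class = 1                               -- object-level permission
  AND  pe.major_id = OBJECT_ID(N'sys.sp_replwritetovarbin')
  AND  pe.permission_name = N'EXECUTE';
GO

-- 2. Deny execution to public. A DENY takes precedence over a GRANT
--    inherited through any role; members of sysadmin are not affected.
DENY EXECUTE ON sp_replwritetovarbin TO public;
GO

-- 3. Verify that the DENY is recorded before relying on it.
IF EXISTS (
    SELECT 1
    FROM   sys.database_permissions AS pe
    JOIN   sys.database_principals  AS pr
           ON pr.principal_id = pe.grantee_principal_id
    WHERE  pe.class = 1
      AND  pe.major_id = OBJECT_ID(N'sys.sp_replwritetovarbin')
      AND  pe.permission_name = N'EXECUTE'
      AND  pe.state_desc = N'DENY'
      AND  pr.name = N'public'
)
    PRINT 'public is denied EXECUTE on sp_replwritetovarbin';
ELSE
    PRINT 'No DENY found for public; the procedure may still be callable by any user';
GO
```

Run step 1 on its own first to record the starting state, so the change can be reverted with REVOKE once a fix is installed.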