Security vulnerability found in MS SQL Server 2000

Right after the largest Patch Tuesday release in five years, earlier this week, comes news of a new vulnerability discovered in Microsoft's SQL Server 2000. By leveraging this flaw, a remote attacker can execute code on the server. This threat has been confirmed on SQL Server 2000 and SQL Server 2005, though not tested on SQL Server 2008. It appears that SEC Consult discovered this flaw and alerted Microsoft about it in April, but a patch remains uncertain at this point. In the meantime, a workaround to mitigate the problem is possible. This flaw is particularly troublesome due to the widespread use of MS SQL Server as the back end of both client-server and web-based applications. Hopefully, a patch will be released by Microsoft soon.

For more on this story:
- check out this article at the Register
- check out this advisory at SEC Consult

Related Articles:
Patch Tuesday news from FierceCIO
Microsoft releases SQL Server 2005 Service Pack 2
Microsoft to scale out SQL Server 2008