Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Second Zero Day Flaw Nails Microsoft In Two Weeks
For the second time in two weeks, Microsoft is rushing to fix a zero-day vulnerability. This time the flaw is in some versions of the software used to run corporate databases.
George V. Hulme, Contributing Writer
December 23, 2008
1 Min Read
For the second time in two weeks, Microsoft is rushing to fix a zero-day vulnerability. This time the flaw is in some versions of the software used to run corporate databases.Unlike the patch that recently was released for the zero-day vulnerability that surfaced on Patch Tuesday (12/9), there have been no confirmed attacks against this latest threat. Early reports indicate vulnerable applications include: Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine (MSDE 2000), Microsoft SQL Server 2000 Desktop Engine, and Windows Internal Database.
Fortunately, the latest versions -- the more recent Microsoft SQL Server 2008 and Microsoft SQL Server 7.0 Service Pack 4 of SQL -- aren't at risk to this attack.
A potential mitigating factor for this vulnerability is that whether the attacker is local or remote attacker, it must be authenticated to the target system.
Microsoft's advisory for the issue is available here.
Read more about:
2008About the Author
You May Also Like
More Insights
