Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Advisory 961040 - New SQL Server remote connections vulnerability

A new vulnerability has been discovered affecting SQL Server, and Microsoft is working on a patch for this issue. Most SQL Server versions are vulnerable (except 2008 and 2005 SP3). Exploits are also publicly circulating for these less secure implementations of SQL Server.

Direct remote and untrusted connections to SQL Server should NOT be used for web-based applications. A better design is to use a DMZ server topology for web apps, special trusted port redirects, authorized user accounts, and other more secure techniques.

AV protection will most likely emerge and it's important to stay up-to-date.  Corporate users should apply any applicable workarounds and monitor for further developments.

Advisory 961040 - New SQL Server remote connections vulnerability
http://isc.sans.org/diary.html?storyid=5545

QUOTE: "Clients and applications that utilize MSDE 2000 or SQL Server 2005 Express are at risk of remote attack if they have modified the default installation to accept remote connections, if they allow untrusted users access to MSDE 2000 or SQL Server 2005 Express, or if an application that uses MSDE 2000 or SQL Server 2005 Express has a SQL Injection vulnerability."

Microsoft Security Advisory (961040)
Vulnerability in SQL Server Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/961040.mspx
http://support.microsoft.com/kb/961040

QUOTE: Microsoft is aware that exploit code has been published on the Internet for the vulnerability addressed by this advisory. Our investigation of this exploit code has verified that it does not affect systems that have had the workarounds listed below applied. Currently, Microsoft is not aware of active attacks that use this exploit code or of customer impact at this time.


Please see the WORKAROUNDS published in the bulletin for ideas on how to mitigate the current public exploit.