DarkFiber Consulting – IT Managed Services

Microsoft Releases Security Advisory (961040)

December 23rd, 2008 . by DarkFiber Consulting

Microsoft has released Security Advisory 961040 to address reports of attacks against a new vulnerability in Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine, Microsoft SQL Server 2000 Desktop Engine, and Windows Internal Database. The vulnerability occurs in the extended stored procedure “sp_replwriteovarbin.” Exploitation of this vulnerability may allow an authenticated attacker to execute arbitrary code. Additionally, if a web application is vulnerable to SQL injection, an unauthenticated, remote attacker may be able to execute arbitrary code.

DarkFiber Consulting encourages users to review the Microsoft Security Advisory 961040 and implement any Suggested Actions to help mitigate the risks.