Security hole found in Microsoft's SQL Server
More toil for the already over-worked Microsoft security team, as SQL Server is the latest product be hit by issues.
Microsoft has warned about another critical vulnerability, this time affecting SQL Server.
The company said that it is investigating reports of a vulnerability which allows remote code execution on systems with versions of Microsoft SQL Server 2000, 2005, 2005 Express Edition, 2000 Desktop Engine, 2000 Desktop Engine, and Windows Internal Database (WYukon).
It added that systems with newer versions, such as Microsoft SQL Server 7.0 Service Pack 4, 2005 Service Pack 3, and Server 2008, were not affected by this issue.
Exploit code has already been published on the internet for the vulnerability, but Microsoft says that it won't have any affect if workarounds listed in its advisory are followed.
The software giant also said that it was currently unaware of any attacks which were using the exploit code.
The advisory stated: "Upon completion of the investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through a service pack, our monthly security update release process, or an out-of-cycle security update, depending on customer needs."
Microsoft stated that the vulnerability could not be exposed anonymously. An attacker would need to authenticate to exploit the vulnerability, or take advantage of a SQL injection vulnerability in a web application that is able to authenticate.
Sign up today and you will receive a free copy of our Future Focus 2026 report - the leading resource for IT decision-maker insight on priorities and investment areas in AI, security and more.
The warning comes only a week after a huge security hole in Internet Explorer was patched up.
-
AWS hits back at EU cloud 'gatekeeper' designation hintsNews Gatekeeper designation under the legislation would force AWS and Microsoft to make concessions
-
Is the Top500 meaningless? Not so, says US national laboratory CTOIn-depth LINPACK may measure only one process, but there are real and meaningful use cases for exascale systems
-
OpenAI expands 'Daybreak' cyber program: New tools, partnerships, and a cyber-focused GPT-5.5 aim to help 'patch the world'News The company has added new tools, signed up partners, and released its GPT-5.5-Cyber model more widely
-
AI is shrinking attack windows, and it’s forcing a complete rethink of cyber resilience – here’s how organizations can prepareNews Commvault has urged companies to improve their business continuity and resilience plans in the face of flaws spotted by AI
-
Anthropic targets vulnerability detection gains with Claude Security public beta — here's what users can expectNews The Claude Mythos developer is aiming for a more limited approach to cyber tooling for public consumption
-
Researchers warn millions of RDP and VNC servers are wide open to exploitationNews Researchers at Forescout spotted millions of RDP and VNC servers exposed online
-
Brace yourselves for a vulnerability explosion, Forescout warnsNews AI advances are helping identify software flaws at record pace and scale, but that's not the good news some would think
-
Ubuntu vulnerability exposes enterprises to root escalation, complete system compromiseNews The high-severity Ubuntu vulnerability allows an unprivileged local attacker to escalate privileges through the interaction of two standard system components
-
Security agencies issue warning over critical Cisco Catalyst SD-WAN vulnerabilityNews Threat actors have been exploiting the vulnerability to achieve root access since 2023
-
Millions of developers could be impacted by flaws in Visual Studio Code extensions – here's what you need to know and how to protect yourselfNews The VS Code vulnerabilities highlight broader IDE security risks, said OX Security