Security pros groan as zero-day hits Microsoft's SQL Server
December 12, 2008[From The Register]
Yet another zero-day vulnerability has been identified in a popular Microsoft product, this time in its SQL Server database. The revelation comes as miscreants are stepping up attacks on a particularly nasty bug in the latest version of Internet Explorer.
The SQL Server bug could allow the remote execution of malicious code, according to researchers at Austria-based SEC Consult. The company said attackers exploiting the flaw would have to be authenticated users on the system, a requirement that a Microsoft spokesman also said minimizes the risk. But an SEC Consult advisory warned it's still possible for outsiders to target the vulnerability remotely on websites that link search boxes, customer data bases or other web apps to SQL Server.
The article continues at http://www.theregister.co.uk/2008/12/11/sql_server_vuln/