Zero-Day Vulnerability Hits Microsoft's SQL Server
Dan Goodin writes on The Register:
Yet another zero-day vulnerability has been identified in a popular Microsoft product, this time in its SQL Server database. The revelation comes as miscreants are stepping up attacks on a particularly nasty bug in the latest version of Internet Explorer.More here.
The SQL Server bug could allow the remote execution of malicious code, according to researchers at Austria-based SEC Consult. The company said attackers exploiting the flaw would have to be authenticated users on the system, a requirement that a Microsoft spokesman also said minimizes the risk. But an SEC Consult advisory warned it's still possible for outsiders to target the vulnerability remotely on websites that link search boxes, customer data bases or other web apps to SQL Server.
"The vulnerability can be exploited by an authenticated user with a direct database connection, or via SQL injection in a vulnerable web application," the advisory said. "The vulnerability has been successfully used to execute arbitrary code on a lab machine."
SEC Consult has confirmed the flaw in the 2000 and 2005 versions of SQL Server. It has not yet tested version 2008. It triggers the rewriting of a computer's memory by supplying several uninitialized variables to the sp_replwritetovarbin stored procedure. Microsoft was alerted to the bug in April, according to SEC Consult.
There are no reports of the bug being attacked in the wild, a Microsoft spokesman said.