Your Ad Here

Wednesday, December 24, 2008

Microsoft announces SQL-injection Exploit

On Monday Microsoft warned that a security researcher had published an exploit for an un-patched flaw in the SQL database software.

SecurityOrb.com researchers published:

"The information could allow malicious attackers the ability to compromise Web sites that use Microsoft's software to serve up dynamic Web pages. The vulnerability affects older versions of the software, including Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine, Microsoft SQL Server 2000 Desktop Engine and Windows Internal Database, the company said in an advisory."

No comments: