
Microsoft SQL zero-day adds to IE7 woes

Written by Tom Espiner on

A zero-day vulnerability has been reported in Microsoft SQL Server.

Austrian pen-testing outfit SEC Consult has put out an advisory warning of a limited memory overwrite vulnerability in Microsoft SQL Server.

Earlier today I spoke to Bernhard Mueller, the security consultant for SEC Consult who found the vulnerability. He told me that SEC Consult had informed Microsoft of the flaw back in April, but that since September there had been "some communication problems", so SEC Consult had decided to publicise the vulnerability. Microsoft has produced a patch, said Mueller, but has not yet released it.

The flaw could allow a SQL injection attack against websites, and also could allow an attack by an authenticated user, added the consultant.

In the advisory is code that people can use to test if their systems are vulnerable.

Mueller told me that the flaw will "probably be exploited in targeted attacks".

A workaround suggested by Mueller is to remove the sp_replwritetovarbin extended stored procedure by running the following as an administrator: execute dbo.sp_dropextendedproc 'sp_replwritetovarbin'

This is the second Microsoft zero-day vulnerability to be reported this week. A heap overflow flaw in the IE7 XML parser was publicised on Thursday.
