Unpatched Vulnerability discovered in Microsoft SQL Server
9/2/2009 1:19:21 PM
There are many emphases for the SQL DBA; one of the major items is security. Where I work, security and patching have taken on new importance over the past 12 months. Patching, which used to be a yearly event, is now monthly or even weekly. Combine that with SOX controls and other internal controls, and there is a focus on security. Part of that is seen in SQL Server from Microsoft, kudos!
The product gained a new level of security with SQL Server 2005. Service Pack 2 gave us Login Triggers / Service Broker Events. SQL 2008 saw the Builtin\Administrators account gone (separation of duties) and even more controls.
Then today it was distressing to see a news report about Microsoft ignoring a vulnerability with SQL Server, basically dismissing it as anyone with administrator privileges already has control [What happened to separation of duties?]. The whole point of where security with SQL Server was going was to ensure that administrators could be properly segmented. Where I work they'd like to get to the point where a SQL DBA can't even view or query the data that they administer.
If you find the below security vulnerability to be an issue, then complain to Microsoft. Also, if you didn't know about this vulnerability, then you need to make sure to plug in to some other industry news sources to get your information on vulnerabilities and patches, as you can't always count on Microsoft to disclose issues.
-----Original Message-----
From: Security Wire Daily [mailto:SearchSecurity@lists.techtarget.com]
Sent: Wednesday, September 02, 2009 10:38 AM
Subject: New SQL Server password flaw surfaces

SearchSecurity.com: Security Wire Daily
Breaking security news, the latest industry developments and trends
September 02, 2009

UNPATCHED VULNERABILITY DISCOVERED IN MICROSOFT SQL SERVER
Michael S. Mimoso, Editor, Information Security magazine
Microsoft SQL Server administrators are being warned today about an unpatched vulnerability in the popular database software that exposes user passwords in the clear, as well as credentials delivered by applications trying to access the database server.
Researchers at San Mateo, Calif.-based Sentrigo Inc., announced the flaw this morning, and also revealed that Microsoft has no immediate plans to release a patch for the vulnerability. Sentrigo, meanwhile, said it has developed a free utility that will erase these passwords from memory. Read more: http://go.techtarget.com/r/9124859/8704472