SEC Consult detected this SQL Server flaw and warned Microsoft about it in April, but it is not clear why Microsoft did not fix it sooner. SEC Consult finally decided to publish the information about the flaw to pressure Microsoft.
As a result, earlier this week Microsoft had to issue a warning to users about this SQL Server security flaw and officially confirm that it was working on a fix. These moves are seen as an attempt to reassure customers using SQL Server.
A Microsoft spokesperson said: 'Immediately after receiving information about the bug last April, Microsoft immediately started the detailed investigation process and found a solution.'
Bernhard Mueller, a security researcher at SEC Consult, said in September that Microsoft once sent a notice saying it had completed a fix. But the Microsoft spokesperson said: 'At the moment there are not any bug fixes for the SQL Server error mentioned above.'
Most security experts hope that Microsoft will release the SQL Server fix as an emergency security update, similar to a recent release for Internet Explorer, rather than in the general January 2009 update release.
Wolfgang Kandek, Chief Technology Officer of Qualys Inc., believes that the SQL Server flaw is much more dangerous than the one in IE. 'SQL Server is an important part of the enterprise server core infrastructure. If not fixed early, not only businesses but also ordinary users will face a lot of risks.'
As a workaround, Microsoft recommends that users disable all access to the SQL procedure that could be exploited to open an attack path directly to the flaw.
In addition, Microsoft provides a Visual Basic script that automates the above workaround. Users can refer to this script and remedies here.