Increased security attacks on Microsoft's SQL Server
December 12, 2008
Microsoft's SQL Server database continues to be the subject of many discussions in security forums all over the Web. This comes as would-be hackers are stepping up attacks on a particularly dark security hole in the latest version of the Internet Explorer browser.
According to researchers at Austria-based SEC Consult, the security hole in Microsoft's SQL Server could potentially allow the remote execution of malicious code. SEC said attackers exploiting the flaw would have to be authenticated users on the system, a requirement that a Microsoft spokesman also said greatly minimizes the risk.
But another SEC Consult advisory message warned that it is still possible for outsiders to target the vulnerability remotely on websites that link search boxes, customer databases or other Internet applications to SQL Server.
This isn't the first time we see that and it sure won't be the last either...
The advisory said "the security flaw can be exploited by an authenticated user with a direct database connection, or via SQL injection in a vulnerable web application. So far, the vulnerability has been successfully used to execute arbitrary code on a lab machine, and we expect more of this in the coming week."
SEC Consult has confirmed the flaw in the 2000 and 2005 versions of SQL Server. However, it has not yet tested it in SQL Server version 2008, but SEC thinks that it might be affected as well.
The bug simply triggers the rewriting of a computer or server's memory by supplying several uninitialized variables to the sp_replwritetovarbin stored procedure. Microsoft was alerted to the bug in April of 2008, according to SEC Consult.
Combined with bugs in Internet Explorer version 7 and the WordPad text converter for Word 97, the world now has three Microsoft zero-day vulnerabilities on its hands. And they come on the heels of this week's release of fixes for 28 vulnerabilities on Patch Tuesday, the biggest security patches in the last five years alone.
"We're running at maximum speed right now just to keep up with all that," said Rick Howard, Internet security director for iDefense, a security lab owned by VeriSign. "Twenty-eight is a lot, so while everybody is working to patch those things, a zero-day is sort of floating out there and not getting all the attention it would have gotten if it came out of the cycle."
Microsoft still claims that there are no reports of the security hole being attacked in the wild.
Mary Landesman, a researcher at ScanSafe, a company that provides malware scanning services for large companies said she's already seeing an increase in SQL Server injection attacks in the last few days.
She added that ScanSafe has observed four times as many attacks targeting the IE 7 flaw than attacks resulting from the widely reported Koobface worm.
Worse, the IE vulnerability is particularly pernicious. It has the ability to completely hijack a computer or server simply by visiting the wrong site. According to Howard, attackers are catching victims off-guard by compromising legitimate websites and then inserting an iFrame that causes those using IE 7 to be hit hard.
Reports do indicate that relatively fewer attacks are targeting the IE flaw, but now that attack code has been publicly released, Howard expects that to accelerate real soon.
The very best way to protect yourself against the IE attack is to stop using the browser until it's been patched correctly. For those who simply must use it, Microsoft has a list of recommendations that can be accessed by going to its website and expanding the workarounds section.
Source: SEC Consult.
Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.
You can link to the
Internet Security web site as
much as you like. Read our section on how your company can participate in our
reciprocal link exchange program
and increase your rankings
in the major search engines such as
Site optimized by Pagina+™
Powered by Sun Hosting
Search engine keywords by Rank for Sales
Development platform by My Web Services
Internet Security.ca is listed in
Global Business Listing