Microsoft Security Bulletin MS09-004 – Important

 

  • For your joy (and especially for the joy of my customer :)), yesterday Microsoft released a new Security Bulletin for SQL Server:


  • Microsoft Security Bulletin MS09-004 – Important

  • https://www.microsoft.com/technet/security/bulletin/MS09-004.mspx


  • This update is rated Important, which means: “A vulnerability whose exploitation could result in compromise of the confidentiality, integrity, or availability of users’ data, or of the integrity or availability of processing resources”.


  • Systems with SQL Server 7.0 Service Pack 4, SQL Server 2005 Service Pack 3, and SQL Server 2008 are not affected by this issue.


  • This update will bring your installations to the following build levels:

  • - SQL 2005 SP2: 3077 (GDR) or 3310 (QFE).

  • Please note the security update is not included in CU11, which is on build 3301.

  • The next cumulative update for SQL Server 2005 (i.e., CU12, ETA mid-February) will include this GDR.

  • - SQL Server 2000 SP4: 2282 (QFE).
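
The build levels above hide a trap for inventory checks: CU11 (3301) is numerically higher than the GDR level (3077) yet does not contain the fix. The following Python code is an added example, not part of the original post or of any Microsoft tooling; it classifies SQL Server 2005 version strings (as returned by SERVERPROPERTY('ProductVersion')) using the build numbers quoted above. The SP2 and SP3 baseline builds (3042 and 4035), the status labels and the server names are assumptions that do not come from the page.

```python
import re

GDR_FIXED = 3077   # from the page: SQL 2005 SP2 GDR level
QFE_FIXED = 3310   # from the page: SQL 2005 SP2 QFE level
CU11 = 3301        # from the page: CU11 does NOT include the update
SP2_BASE = 3042    # assumption (not on the page): first SP2 build
SP3_BASE = 4035    # assumption (not on the page): first SP3 build; SP3 is not affected

def parse_version(product_version):
    """Return (major, build) from a string such as '9.00.3301.00'."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)(?:\.\d+)?\s*", product_version)
    if not m:
        raise ValueError(f"unrecognised version string: {product_version!r}")
    return int(m.group(1)), int(m.group(3))

def naive_is_patched(product_version):
    """The tempting but wrong check: 'build >= 3077' passes CU11 (3301)."""
    return parse_version(product_version)[1] >= GDR_FIXED

def ms09_004_status(product_version):
    """Classify a SQL Server 2005 build against the levels quoted in the post."""
    major, build = parse_version(product_version)
    if major != 9 or build < SP2_BASE:
        return "OUT_OF_SCOPE"      # not SQL 2005 SP2/SP3; this check does not cover it
    if build >= SP3_BASE:
        return "NOT_AFFECTED"      # SP3 is listed as not affected
    if build >= QFE_FIXED:
        return "PATCHED_QFE"
    if build == GDR_FIXED:
        return "PATCHED_GDR"
    if build < GDR_FIXED or build == CU11:
        return "MISSING_UPDATE"
    # Between 3077 and 3310 the branch (GDR vs QFE) decides; the page only
    # settles 3301, so anything else is flagged for manual review.
    return "REVIEW_BRANCH"

def audit(inventory):
    """Map server name -> status for a {name: ProductVersion} inventory."""
    return {name: ms09_004_status(v) for name, v in inventory.items()}

# Constructed sample inventory (hypothetical server names).
SAMPLE = {
    "sql-a": "9.00.3077.00",
    "sql-b": "9.00.3301.00",
    "sql-c": "9.00.3310.00",
    "sql-d": "9.00.4035.00",
}

if __name__ == "__main__":
    for name, status in audit(SAMPLE).items():
        print(f"{name}: {status} (naive check says patched: {naive_is_patched(SAMPLE[name])})")
```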


  • For future reference, the Severity Rating System defines the following levels for vulnerabilities:


  • Rating: Definition

    Critical: A vulnerability whose exploitation could allow the propagation of an Internet worm without user action.

    Important: A vulnerability whose exploitation could result in compromise of the confidentiality, integrity, or availability of users’ data, or of the integrity or availability of processing resources.

    Moderate: Exploitability is mitigated to a significant degree by factors such as default configuration, auditing, or difficulty of exploitation.

    Low: A vulnerability whose exploitation is extremely difficult, or whose impact is minimal.


  • - Beatrice Nicolini -