Unpatched database servers on the Internet

In his most recent publication (“The Database Exposure Survey 2007”, November 12, 2007), David Litchfield surveyed how many database servers on the Internet are listening on their default TCP ports and are not protected by a firewall. According to the survey, 157 SQL Servers and 53 Oracle Servers were found. Below are key findings as reported in his survey.
• 4% of SQL Server systems were found to be completely unpatched.
• 66% of Oracle Server systems were running versions known to have critical vulnerabilities.

For me the real problem is not that so many servers are directly connected to the Internet – perhaps (or hopefully) there is a good reason for that, but if I were to expose those machines directly to the Internet, I would at least keep them up to date!



