SQL Server information disclosure non-vulnerability

We’ve gotten some questions about a reported issue with SQL Server exposing plaintext user passwords. We investigated the issue and found that attackers would need administrative control of a SQL Server to extract passwords from it. We checked with the security researchers who reported the issue and they confirmed that this is an information disclosure…

More information about the SQL stored procedure vulnerability

Security Advisory 961040 provides mitigations and workarounds for a newly-public post-authentication heap buffer overrun in SQL Server, MSDE, and SQL Express. This blog post goes into more detail about the attack surface for each affected version and the overall risk from this vulnerability. As listed in the advisory, the following products have the vulnerable code:…
