Friday, 22 May 2009

SQL Server security issues

Microsoft Security Bulletin http://www.microsoft.com/technet/security/bulletin/ms09-004.mspx issued in February 2009 is not an issue if you have SQL Server 2005 SP3 installed. If this is problematic to be installed, due to the fact that rollback requires the uninstall and reinstall of SQL Server, a fix to the vulnerability is

USE master
GO
DENY EXECUTE ON sys.sp_replwritetovarbin TO public
GO
NOTE: don’t use this with Transactional Replication with Updateable Subscriptions

The other fairly recent security issue from July 2008 is
http://www.microsoft.com/technet/security/bulletin/ms08-040.mspx

No comments:

Post a Comment

Note: only a member of this blog may post a comment.