Previous
Automated worm attacks MS SQL Server
News It would be incorrect to label this a flaw in the software, nor is it a vulnerability in the usual sense. It builds an ActiveX object containing the commands to run via the xp_cmdshell and uses a brute-force password attack on the sa SQL Server...
[June 5, 2002, 14:09]
Windows XP, Office and SQL Server open to new attacks
News Microsoft late on Wednesday warned of three new bugs in its software, including a flaw in SQL Server 7.0 and 2000 that could allow an unauthorised user to execute particular administrative functions called Web tasks.
[October 17, 2002, 13:47]
Microsoft SQL zero-day adds to IE7 woes
Blog The flaw could allow a SQL injection attack against websites, and also could allow an attack by an authenticated user, added the consultant. He told me that SEC Consult had informed Microsoft of the flaw back in April, but that since September...
[December 12, 2008, 16:46]
Microsoft issues alert on three 'critical' flaws
News The software giant released a cumulative patch for Internet Explorer that fixes several vulnerabilities previously disclosed by the company, and it re-released an advisory for Microsoft's SQL Server software, warning that a flaw in that program...
[August 21, 2003, 8:45]
Microsoft puts out three patches
News The flaw could allow an attacker to take over a vulnerable system -- only after successfully disguising the attacking computer as an SQL server. The most major flaw affects Microsoft's Internet Security and Acceleration Server 2000, which is...
[January 14, 2004, 7:35]
Microsoft issues Patch Tuesday DNS fix
News All supported versions of Microsoft Windows 2000, Windows XP, Windows Server 2003 and Windows Server 2008 are affected by the flaw. The updates linked to in Tuesday's bulletins include a patch for a potentially serious underlying DNS flaw.
[July 9, 2008, 13:28]
Microsoft warns on Windows and server security
News The second flaw, also a buffer overrun, affects the Database Console Commands that, if exploited, could give a hacker "complete control over all databases on the server". The flaw could allow a buffer overrun, "which could be exploited by a Web...
[October 4, 2002, 8:33]
FBI warns of bugs for Christmas
News The second flaw affects sites using Microsoft's SQL (Structured Query Language) database software or the Microsoft Data Engine. Known as the "SQL Query Abuse" vulnerability, the flaw allows customers to submit queries and download information...
[December 5, 2000, 8:19]
Lowdown on latest MS security bulletin
News The vulnerability is due to a flaw that can allow a user to log onto the system through the LADP client and gain access at the administrator level. MS02-036 -- Authentication Flaw in Microsoft Metadirectory Services
[August 6, 2002, 13:50]
Security flaw in key Microsoft services
News Microsoft on Tuesday warned users of a number of its subscription programmes, including product testing and volume licensing, of a potential security flaw affecting the software they use for downloads.
[August 21, 2002, 7:38]
Microsoft, US dispute nuclear software threat
News The scientists discovered that the same bug existed in the newer version, although in a less serious form, along with a new security flaw that could give unauthorised people easy access to information stored in the database, Blair told CNET News...
[July 23, 2001, 17:03]
Microsoft finds several 'critical' Web glitches
News The flaw occurs in an ActiveX control called XMLHTTP, which allows Web pages in the browser to send and receive XML data via HTTP, the standard Web transfer protocol. In Internet Explorer, a flaw exists in the way VBScripts -- pieces of code that...
[February 25, 2002, 17:31]
Windows WMF woes widen
News Just days after Microsoft rushed out a patch to fix a critical Windows flaw related to the processing of WMF images, two more problems with the component were flagged. Cybercriminals were taking advantage of that flaw to attack Windows computers...
[January 10, 2006, 8:45]
Microsoft SQL Server 7.0 Patch: Extended Stored Procedures Vulnerability
Downloads The flaw in SQL Server might allow a memory buffer allocated on the stack to be overwritten with arbitrary data, potentially allowing an attacker to execute arbitrary code in the SQL Server process space.
[November 29, 2000, 7:00]
Microsoft Security Bulletin MS02-041
Downloads The first flaw lies in how the function authenticates requests, and would allow any user to submit an upload request. Exploiting the vulnerability could enable an attacker to run SQL commands on the server, which would not only allow data in the...
[August 8, 2002, 8:00]
Microsoft to fix zero-day SMB, IIS holes
News The Server Message Block (SMB) flaw was reported a month ago. Microsoft, which previously released a temporary fix for the SMB hole, reported the Internet Information Services (IIS) flaw in the File Transfer Protocol in August.
[October 9, 2009, 14:19]
Microsoft warns again on Windows
News The flaw is unusually widespread, affecting all versions of DirectX from version 5.2 to the current 9.0a running on all versions of Windows from Windows 98 through the new Windows Server 2003, according to the Microsoft bulletin.
[July 24, 2003, 7:40]
US Army attacked via new Windows flaw
News The flaw, known as a buffer overflow, is in a component of the software that handles the World Wide Web Distributed Authoring and Versioning (WebDAV) protocol in Microsoft's Internet Information Server (IIS).
[March 18, 2003, 7:43]
Hyperthreading hurts server performance, say developers
News Earlier this year, Intel hyperthreading was revealed to have a security flaw where threads could find information from each other through the shared cache despite having no access to each other's memory space.
[November 18, 2005, 10:55]
Microsoft fails Slammer's security test
News The company had informed customers six months earlier about a flaw and included patches in both a roll-up patch -- a software update that includes all the latest patches -- and in the company's latest service pack for Microsoft SQL Server 2000.
[January 28, 2003, 8:39]
