MS-SQL 0-day vulnerability remotely exploitable

Microsoft just announced the MS-SQL sp_rewrite vulnerability I blogged about last Wednesday and looks like
mainstream news
is just picking up and reporting on it.

The attack has just morphed into a critical remote flaw as it's reported it can now be exploited through SQL injection. This is an ASPROX type attack but much more dangerous as it allows attackers to gain full privilege to run commands on the SQL server as the administrator.

If your a Sentinel IPS customer, the previous signature and our older SQL injection signatures adequately defend from this attack so rest easy and enjoy the holidays!


Why is this considered a 0-day if we have known about it for a week? Well there is exploit code available and no patch yet from Microsoft... We call that 0-day as attackers can wreck havoc with no patch defenses available.

0 Comments