This looks like a local DOS one, and you are going to need to be able to run the attack code on the server either by using SQL Query Analyzer or being locally logged on.
Also Microsoft has the patch according to the security research that discovered the flaw therefore it should be released ( we hope next month) Z Edward E. Ziots Network Engineer Lifespan Organization Email: [email protected] Phone: 401-639-3505 MCSE, MCP+I, ME, CCA, Security +, Network + -----Original Message----- From: Martin Blackstone [mailto:[email protected]] Sent: Tuesday, December 23, 2008 9:29 AM To: NT System Admin Issues Subject: RE: Microsoft Security Advisory Notification I doubt it. This doesn't appear to be a gaping hole like the other ones were. -----Original Message----- From: David Lum [mailto:[email protected]] Sent: Tuesday, December 23, 2008 6:07 AM To: NT System Admin Issues Subject: FW: Microsoft Security Advisory Notification Think there'll be an out-of-band for SQL? - http://www.microsoft.com/technet/security/advisory/961040.mspx David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
