Some SQL Product’s Vulnerability{1}


by Abubaker D
My article is about some of the old SQL server products. It talks about how that some of the SQL products were vulnerable to attacks by hackers, and that they needed patches for it to be fixed and properly securing the data. As it say “All attacks must proceed from an authenticated user, but this can be gotten around through more common problems such as SQL injection.” Here are the list of the products that were reported:

  Microsoft SQL Server 2000 Service Pack 4

  Microsoft SQL Server 2000 Itanium-based Edition Service Pack 4

  Microsoft SQL Server 2005 Service Pack 2

  Microsoft SQL Server 2005 x64 Edition Service Pack 2

  Microsoft SQL Server 2005 with SP2 for Itanium-based Systems

  Microsoft SQL Server 2005 Express Edition Service Pack 2

  Microsoft SQL Server 2005 Express Edition with Advanced Services Service Pack 2

  Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) Service Pack 4

  Microsoft SQL Server 2000 Desktop Engine (WMSDE)

  Windows Internal Database (WYukon) Service Pack 2

That’s pretty much it about the article.

This article is related to our class because it’s about SQL server. I thought it would be helpful for students to know about the versions that might have vulnerabilities. We should make sure to always to check whether or not the product has maximum security features.

I am starting to come across more and more SQL injections. I did some research and apparently SQL injection is a hack attack using SQL statements to hack into a data base. I am interested in learning it, but just for fun.

Larry Seltzer (2008). Vulnerability Bores Through Microsoft SQL Products. Retrieved from http://www.pcmag.com/article2/0,2817,2337486,00.asp