MS SQL vuln and Microsoft patch madness

Yet another zero-day vulnerability has been found in a Microsoft product, the third this week. The MS SQL issue is a remote code execution bug in a stored procedure, and there is no patch yet. Until one ships, all you can do is (a) lock the servers down so that no untrusted or external user can authenticate to them at all, or (b) take them offline. Mad news for MS SQL fans.

The other two zero-day bugs are in IE7 and in the WordPad text converter for Word 97 documents. Granted, that is an old Office format, but I think you would be surprised by how many copies are still in use.

This past Patch Tuesday was the largest in five years, with 28 patches released. Exploit code is already public for the IE7 zero-day, and it is possible to completely hijack a machine just by visiting the wrong website. Things are not being made easier by the compromise of legitimate sites: attackers inject iframes into them that pull in the exploit, so IE7 users browsing a site they trust get hit too.
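The injected-iframe vector above is easy to spot on a page you control once you know what to look for: an iframe that points off-site and is sized or styled so the visitor never sees it. The following is an added example (not code from the original post); it parses constructed HTML with the standard library and reports iframes that are both hidden and off-site. The host names in the sample page are made up.

```python
"""Flag hidden, off-site iframes of the kind injected into compromised
legitimate pages to pull an exploit in from a third-party server.

Added example for this post; the sample HTML is constructed, not captured.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class _IframeCollector(HTMLParser):
    """Collect the attribute dict of every <iframe> start tag."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.iframes.append({k.lower(): (v or "") for k, v in attrs})


def _tiny(value):
    """True for width/height attribute values such as '0', '1', '1px'."""
    m = re.match(r"\s*(\d+)", value)
    return m is not None and int(m.group(1)) <= 1


def _hidden_by_style(style):
    """True if inline CSS hides the frame or squashes it to 1px or less."""
    s = re.sub(r"\s+", "", style).lower()
    if "display:none" in s or "visibility:hidden" in s:
        return True
    for decl in s.split(";"):
        m = re.fullmatch(r"(width|height):(\d+)(?:px)?", decl)
        if m and int(m.group(2)) <= 1:
            return True
    return False


def _same_site(host, page_host):
    # Relative URLs (no host) and subdomains of the page count as on-site.
    return host is None or host == page_host or host.endswith("." + page_host)


def find_suspicious_iframes(html, page_host):
    """Return the src of every iframe that is both hidden/tiny and off-site.

    Visible third-party frames (ads, embedded players) are left alone; a
    frame nobody is meant to see, pointing somewhere else, is the signature
    of an injected redirect to an exploit server.
    """
    parser = _IframeCollector()
    parser.feed(html)
    hits = []
    for frame in parser.iframes:
        src = frame.get("src", "")
        if _same_site(urlparse(src).hostname, page_host):
            continue
        hidden = (_tiny(frame.get("width", "100"))
                  or _tiny(frame.get("height", "100"))
                  or _hidden_by_style(frame.get("style", "")))
        if hidden:
            hits.append(src)
    return hits


# Constructed sample page: two legitimate frames, one relative tracking
# frame, and two injected frames pointing at made-up attacker hosts.
SAMPLE_PAGE = """
<html><body>
<h1>Welcome to example.com</h1>
<iframe src="https://video.example.com/player" width="640" height="360"></iframe>
<iframe src="https://ads.partner.invalid/banner" width="300" height="250"></iframe>
<iframe src="/local/widget" width="1" height="1"></iframe>
<iframe src="http://attacker.invalid/in.cgi?3" width="0" height="0" style="visibility:hidden"></iframe>
<iframe src="http://evil.invalid/counter" style="display:none;width:1px;height:1px"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for src in find_suspicious_iframes(SAMPLE_PAGE, "example.com"):
        print("suspicious hidden off-site iframe:", src)
```

Run it against a copy of your own home page fetched from the live server (not from source control), since the injection lives in what the web server is actually serving. The check is deliberately narrow: it ignores on-site frames and visible third-party frames, so a hit is worth an immediate look.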

Lastly, a new version of the Koobface worm (targeting Facebook users) has surfaced. It sends messages to the friends of infected users that direct them to websites recommending they download a "new version" of Adobe Flash Player, with the inevitable results: the update is the worm itself, and the cycle starts again from the new victim's friends list.