Critical vulnerability in older versions of SQL Server
Microsoft has warned customers of a critical vulnerability in older versions of SQL Server. The company recommends users work around this vulnerability themselves. The vulnerability exists in the extended stored procedure
sp_replwritetovarbin and could allow an attacker to execute arbitrary code as the SQL Server process. The stored procedure is available by default on all affected SQL servers and can be exploited directly by a user or through SQL injection vulnerabilities.
The SQL Server releases affected are SQL Server 2000, SQL Server 2005, SQL Server 2005 Express Edition, SQL Server 2000 Desktop Engine and Windows Internal Database (WYukon). According to Microsoft, newer versions of the database are not affected.
SEC Consult say the issue was discovered and reported to Microsoft in April this year, and in September, Microsoft advised them that a fix for the vulnerability had been completed, but there was no release schedule for it.