Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

SQL server security patches rated as important

Lumension Security : 09 July, 2008  (Technical Article)
Four patches released by Microsoft in monthly update include improvements to server security
Microsoft has released four Important this July Patch Tuesday and Andrew Clarke, Senior Vice President, International, Lumension Security comments, "Given that this month's Patch Tuesday includes a total of four vulnerabilities, all of which are rated Important, this gives administrators some breathing room to get caught up and assess their overall security posture from a mitigation standpoint.

"Still, organisations should pay close attention to the two security updates that address Elevation of Privilege on Microsoft SQL Servers and Microsoft Exchange Servers. Elevation of Privilege on these targets can easily negate the policy and enforcement efforts made in the provisioning of and access management setup on these important systems.

"Both of these products can be high-value targets and these vulnerabilities could be considered Critical depending on the organisation. Many corporations hold not only their basic business information, but also their customer/patient data and critical intellectual property in Microsoft SQL Servers databases, or transmit these types of data via Microsoft Exchange servers. Companies that depend heavily on SQL and Exchange servers to manage and store customer/patient data and intellectual property should evaluate the criticality of these updates and possibly address them as a "critical" level security update.

"In addition, Windows Bulletin 2 indicates the possible violation of the fundamental principle of trusted communication over the network and should also be seriously reviewed. This threat affects most Windows platforms and could allow for the execution of spoofing attacks. Every network-based communication or transaction is based on trust between the sender and receiver. If that trust can be broken by mimicking a trusted source, then this becomes a major problem that needs to be closely examined and quickly addressed."
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo