- These vulnerabilities affect: Most current versions of SQL Server
- How an attacker exploits it: Various, including enticing someone to click a specially crafted link
- Impact: In the worst case, an attacker can steal your web cookie, hijack your web session, or essentially take any action you could on the SQL server
- What to do: Deploy the appropriate SQL Server updates as soon as possible
The XSS flaw poses the most risk. The SQL Master Data Services (MDS) component suffers from a Cross-site Scripting (XSS) vulnerability due to its inability to properly encode output. By enticing someone to click a specially crafted link, an attacker could leverage this flaw to inject client-side script into that user’s web browser. This could allow the attacker to steal web cookie, hijack the web session, or essentially take any action that user could on your SQL Server’s associated web site. In some cases, attackers can even leverage XSS attacks to hijack your web browser, and gain unauthorized access to your computer.
The DoS flaw poses less risk, but is worth patching too. Essentially, if an attacker can send specially crafted queries to you SQL server, he could lock it up. However, since most administrator block SQL queries from the Internet, the attacker would have to reside on the local network to launch this attack.
Microsoft has released SQL Server updates to correct this vulnerability. You should download, test, and deploy the appropriate update as soon as possible. You can find the updates in the “Affected and Non-Affected Software” section of Microsoft’s SQL Server bulletin.
As an aside, the Cross-site Scripting (XSS) protection mechanisms built into many modern web browsers, like Internet Explorer (IE) 8 and above, can often prevent these sorts of attacks. We recommend you enable these mechanisms, if you haven’t already.
For All WatchGuard Users:
Since attackers might exploit some of these attacks locally, we recommend you download, test, and apply the SQL Server patches as quickly as possible.
Microsoft has released updates to fix this vulnerability.
What did you think of this alert? Let us know at [email protected].