Here’s yet another story of yet another Microsoft hole being exploited. This time it’s in their SQL Server product. Seems like there are more exploits being – well – exploited than in something that’s extremely exploitable.
Microsoft is now warning users of a serious bug in its SQL Server database software, just days after patching a critical flaw in its Internet Explorer browser…
However, for me, the most telling comment of this – yet another – security hole in Microsoft’s code was the last sentence on Techworld’s article:
It was publicly disclosed on 9 December by SEC Consult Vulnerability Lab, which said it had notified Microsoft of the issue in April.
See that? M$ were informed back in April. Somehow I don’t think the FOSS community would wait that long to fix a major security hole in a very widespread product. Do you?
(Thanks to Techworld for keeping us abreast of these important news items)