Intrusion Prevention

MS.SQL.Server.Backup.Database.File.Privilege.Elevation

Description

This indicates an attempt to exploit a privilege elevation vulnerability in Microsoft SQL Server.
The vulnerability is caused by an error that occurs when the SQL Server is checking DDL statements before processing them.

Affected Products

SQL Server 7.0 SP4
SQL Server 2000 SP4
SQL Server 2000 x64-based Edition SP4
SQL Server 2000 Itanium-based Edition SP4
SQL Server 2005 SP1 and SQL Server 2005 SP2
SQL Server 2005 x64-based Edition SP1 and SP2
SQL Server 2005 with SP1 and SP2 for Itanium-based Systems

Impact

System Compromise
Privilege Escalation

Recommended Actions

Apply the patch available at the vendor's web site:
http://www.microsoft.com/technet/security/Bulletin/MS08-040.mspx.

CVE References

CVE-2008-0107