If you administer a SQL server, read this!

There’s been notices out on the ‘net about a vulnerability in SQL server that would allow a malicious hacker to list all the user passwords.

It seems that it’s not really as bad as reported (I’m shocked! <GRIN>). Apparently, the hacker has to have administrative control to be able to extract the passwords.

Here’s the official MS response:

http://blogs.technet.com/srd/archive/2009/09/02/sql-server-information-disclosure-non-vulnerability.aspx