As you might have seen in the news, there have been ongoing SQL injection attacks against vulnerable web applications occurring over the last few months. These attacks have received recurring attention in the press as they pop up in various geographies around the world, and there have been a number of customer inquiries as well.
These attacks do not leverage any SQL Server vulnerabilities, nor any un-patched vulnerabilities in any Microsoft product – the attack vector is vulnerable customer and third party applications. They do however target installations running IIS and SQL Server and are therefore impacting our beloved SQL Server customers.
In order to help our customers respond to and defend themselves from these attacks, we have collaborated with our Microsoft Security Rescue Centers to produce and publish an authoritative blog including talking points and customer guidance. This can be found at : http://blogs.technet.com/swi/archive/2008/05/29/sql-injection-attack.aspx
Enjoy & be safe! Guntherb.