Microsoft Mends SQL Server XSS Vulnerability

Severity: Medium

Summary:

  • This vulnerability affects: Most current versions of SQL Server
  • How an attacker exploits it: By enticing you to click a specially crafted link
  • Impact: An attacker can steal your web cookie, hijack your web session, or essentially take any action you could in the SQL Server Report Manager
  • What to do: Deploy the appropriate SQL Server updates as soon as possible

Exposure:

SQL Server is Microsoft’s popular database server. It includes the SQL Server Reporting Services (SSRS), which provides web-based access to the SQL Server Report Manager.

According to Microsoft’s security bulletin, the SQL Server Report Manager suffers from a Cross-site Scripting (XSS) vulnerability due to its inability to properly validate and sanitize request parameters. By enticing you to click a specially crafted link, an attacker could leverage this flaw to inject client-side script into your web browser. This could allow the attacker to steal your web cookie, hijack your web session, or essentially take any action you could on the SQL Server Report Manager site. In some cases, attackers can even leverage XSS attacks to hijack your web browser, and gain unauthorized access to your computer.

Solution Path:

Microsoft has released SQL Server updates to correct this vulnerability. You should download, test, and deploy the appropriate update as soon as possible. You can find the updates in the “Affected and Non-Affected Software” section of Microsoft’s SQL Server bulletin.

As an aside, the Cross-site Scripting (XSS) protection mechanisms built into many modern web browsers, like Internet Explorer (IE) 8 and above, can often prevent these sorts of attacks. We recommend you enable these mechanisms, if you haven’t already.

For All WatchGuard Users:

If you have enabled our XTM security appliance’s IPS service, one of our generic XSS detection signatures already detects and prevents this XSS flaw. Nonetheless, we still recommend you download, test, and apply the SQL Server patches as quickly as possible.
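To make the Exposure section's root cause concrete (a request parameter reflected into the page without sanitization) and to show what a "generic XSS" signature like the one mentioned above looks for, here is an added example. It is not code from the alert, from Microsoft, or from WatchGuard's IPS; the parameter name `item`, the `/Reports/folder.aspx` path and the log lines are constructed placeholders, not Report Manager's real ones.

```python
import html
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Vulnerable pattern: a request parameter is copied into the page without encoding.
# "item" is a hypothetical parameter name, not one from Report Manager.
def render_unsafe(query: str) -> str:
    name = parse_qs(query).get("item", [""])[0]
    return f"<h1>Report: {name}</h1>"

# Hardened pattern: HTML-encode request data before it lands in markup, so a crafted
# value is shown as text instead of being parsed as script.
def render_safe(query: str) -> str:
    name = parse_qs(query).get("item", [""])[0]
    return f"<h1>Report: {html.escape(name, quote=True)}</h1>"

# Detection, in the spirit of a generic XSS IPS signature: flag parameters that carry
# tag openers, javascript: URLs or on*= handlers. parse_qs decodes once; the extra
# unquote_plus catches values that were URL-encoded twice.
XSS_TOKENS = re.compile(r"<\s*/?\s*[a-z]|javascript:|\bon[a-z]+\s*=", re.IGNORECASE)

def suspicious_params(url: str) -> list[str]:
    hits = []
    for key, values in parse_qs(urlsplit(url).query, keep_blank_values=True).items():
        if any(XSS_TOKENS.search(unquote_plus(v)) for v in values):
            hits.append(key)
    return hits

# Constructed, simplified log lines (method, path, query); paths are placeholders.
SAMPLE_LOG = """\
GET /Reports/folder.aspx item=Sales
GET /Reports/folder.aspx item=%3Cscript%3Ealert(1)%3C%2Fscript%3E
GET /Reports/folder.aspx item=%253Cimg%2520src%3Dx%2520onerror%253Dalert(1)%253E
GET /Reports/folder.aspx item=Sales%20%26%20Marketing
"""

def flag_log(log: str) -> list[tuple[int, list[str]]]:
    """Return (line number, flagged parameter names) for each suspicious request."""
    findings = []
    for n, line in enumerate(log.splitlines(), 1):
        parts = line.split()
        if len(parts) == 3:
            hits = suspicious_params(f"{parts[1]}?{parts[2]}")
            if hits:
                findings.append((n, hits))
    return findings
```

Line 3 of the sample log is flagged only because the value is decoded a second time; line 4 shows that an encoded ampersand in ordinary data is not a false positive.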

Status:

Microsoft has released updates to fix this vulnerability.

References:

This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept).


What did you think of this alert? Let us know at your.opinion.matters@watchguard.com.

About Corey Nachreiner

Corey Nachreiner has been with WatchGuard since 1999 and has since written more than a thousand concise security alerts and easily-understood educational articles for WatchGuard users. His security training videos have generated hundreds of letters of praise from thankful customers and accumulated more than 100,000 views on YouTube and Google Video. A Certified Information Systems Security Professional (CISSP), Corey speaks internationally and is often quoted by other online sources, including C|NET, eWeek, and Slashdot. Corey enjoys "modding" any technical gizmo he can get his hands on, and considers himself a hacker in the old sense of the word.

5 Responses to “Microsoft Mends SQL Server XSS Vulnerability”

  1. Hi, it's a nice article regarding media print, we all understand media is a fantastic source of data.

  2. Greetings! Very helpful advice within this article!
    It is the little changes which will make the greatest changes.
    Thanks for sharing!

Trackbacks/Pingbacks

  1. Microsoft Mends SQL Server XSS Vulnerability « microreksa - October 9, 2012

    [...] Microsoft Mends SQL Server XSS Vulnerability [...]

  2. Microsoft Mends SQL Server XSS Vulnerability « microreksa - October 9, 2012

    [...] Comment [...]

  3. WatchGuard Security Week in Review: Episode 37 – Cyber Espionage | WatchGuard Security Center - October 12, 2012

    [...] Microsoft SQL Server update – WGSC [...]
