IE patch & SQL brute force


VictorKaum
February 15th, 2002, 07:15 PM
taken from www.securityspace.com
attention Windows users for the following 2 high risk vulnerabilities

1)
Title: IE 5.01 5.5 6.0 Cumulative patch (Q316059)
ID: 10861
Category: Windows
http://www.securityspace.com/smysecure/catid.html?id=10861
Summary: Determines whether the hotfix Q313675 is installed
Description:
The 11 February 2002 Cumulative Patch for IE is not applied on the remote host.
Impact of vulnerability: Run code of attacker's choice.
Recommendation: Customers using IE should install the patch immediately.
Affected Software:
Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6.0
NOTE: Might require full registry access on win2k and xp
Supersedes MS01-055 and ms01-058
See http://www.microsoft.com/technet/security/bulletin/ms02-005.asp
Risk factor : High


2)
Title: Microsoft's SQL Server Brute Force
ID: 10862
Category: Windows
http://www.securityspace.com/smysecure/catid.html?id=10862
Summary: Microsoft's SQL Server Brute Force
Description: The SQL Server has a common password for one or more accounts. These accounts may be used to gain access to the records in the database or even allow remote command execution.
Solution: Please set a difficult to guess password for these accounts.
Risk Factor: HIGH

Perhaps you all knew this already, but for those who don't: apply the solutions ;)

gold eagle
February 16th, 2002, 02:14 AM
Thks. Good post. +tive antis coming. It seems few here on AO are concerned about databases much. The focus tends to be on os and other apps, but as you know, all our businesses run on dbs.

:)

VictorKaum
February 16th, 2002, 02:15 AM
Even AO runs on dbs ;)

gold eagle
February 16th, 2002, 02:18 AM
out of curiosity - are you a dba?

VictorKaum
February 16th, 2002, 02:19 AM
nope, sorry

gold eagle
February 16th, 2002, 02:27 AM
At one time I used to be an assistant dba. Which was weird since I was an engineer at the time. Oh well - not too much these days, mainly some mgmt of sql 7 clusters but I don't write stored procedures anymore.


:)