IT Pro Today is part of the Informa Tech Division of Informa PLC

INFORMA PLC|ABOUT US|INVESTOR RELATIONS|TALENT

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Documents Online Events Advertise About

Newsletter Sign-Up

Cloud

Recent in Cloud

SEE ALL Cloud

healthcare administrator transferring patient data via cloud computing applications

Cloud Computing

5 Best Practices for Achieving Healthcare Cloud Compliance 5 Best Practices for Achieving Healthcare Cloud Compliance

byChristopher Tozzi

Jul 1, 2024

4 Min Read

business people preparing audio visual presentation on collaboration in conference room

Unified Communications

How OpenAI Could Shape the Next Wave of Collaborative Platforms How OpenAI Could Shape the Next Wave of Collaborative Platforms

byEric Krapf, No Jitter

Jun 28, 2024

3 Min Read

Recent in OS

See All OS

abstract string backgroud

PowerShell

Advanced String Manipulation Techniques in PowerShell Advanced String Manipulation Techniques in PowerShell

byBrien Posey

Jun 28, 2024

3 Min Read

pins with words zero trust on a cybernetic board

Linux OS

How To Implement Zero-Trust Security in Linux Environments How To Implement Zero-Trust Security in Linux Environments

byGrant Knoetze

Jun 26, 2024

8 Min Read

IT Mgmt

Recent in IT Mgmt

See All IT Mgmt

person pressing an "IT" button

IT Management

Well-Intentioned Things IT Leaders Do That Hurt Team Productivity Well-Intentioned Things IT Leaders Do That Hurt Team Productivity

byInformationWeek

Jul 1, 2024

2 Min Read

two workers collaborating on computers

IT Operations

Duplicate Tech: A Bottom-Line Issue Worth Resolving Duplicate Tech: A Bottom-Line Issue Worth Resolving

byIndustry Perspectives

Jul 1, 2024

5 Min Read

Career

Recent in Career

See All Career Mgmt

person pressing an "IT" button

IT Management

Well-Intentioned Things IT Leaders Do That Hurt Team Productivity Well-Intentioned Things IT Leaders Do That Hurt Team Productivity

byInformationWeek

Jul 1, 2024

2 Min Read

worker frustrated by coworker's loud talking on the phone

Career Tips

The New Work Etiquette: If You Can't Spot the Jerk, It Might Be You The New Work Etiquette: If You Can't Spot the Jerk, It Might Be You

byThe Washington Post

Jun 27, 2024

6 Min Read

Storage

Recent in Storage

See All Data Storage

data floating

IT Operations

How IT Operations Can Play a Critical Role in Data Management How IT Operations Can Play a Critical Role in Data Management

byChristopher Tozzi

Jun 21, 2024

4 Min Read

virtual data stack

Data Storage

How to Build a Data Stack That Actually Puts You in Charge of Your Data How to Build a Data Stack That Actually Puts You in Charge of Your Data

byIndustry Perspectives

Jun 14, 2024

8 Min Read

Security

Recent in Security

See All IT Security

suspicious executive checking smart phone sitting on a desk at the office

Data Privacy

Is That App Sketchy? Here Are 3 Easy Ways To Check.Is That App Sketchy? Here Are 3 Easy Ways To Check.

byThe Washington Post

Jul 1, 2024

3 Min Read

aerial view of a car dealership lot

Attacks & Breaches

Hacked Software Firm CDK Expects All Dealers Live by July 4 Hacked Software Firm CDK Expects All Dealers Live by July 4

byBloomberg News

Jul 1, 2024

2 Min Read

Dev

Recent in Dev

See All Software Dev

cloud-native

Cloud Native

How Cloud-Native Development Benefits SaaS How Cloud-Native Development Benefits SaaS

byForrester Blog Network

Jun 28, 2024

3 Min Read

blurred programmer behind screen of code

Software Development Techniques

AI-Assisted Development Tools vs. Low-Code/No-Code: What to Use When AI-Assisted Development Tools vs. Low-Code/No-Code: What to Use When

byChristopher Tozzi

Jun 27, 2024

4 Min Read

Recent in DX

See All Digital Transformation

ChatGPT login screen seen on smartphone and laptop displays.

AI & Machine Learning

OpenAI Releases CriticGPT to Catch Chatbot Hallucinations – Is It Enough?OpenAI Releases CriticGPT to Catch Chatbot Hallucinations – Is It Enough?

byDayneé Alejandra Rosales

Jul 1, 2024

2 Min Read

concept art of autonomous tractor scanning agricultural plot

AI & Machine Learning

Robots, Drones and Driverless Tractors Usher In New Age of Farming Robots, Drones and Driverless Tractors Usher In New Age of Farming

byBloomberg News

Jun 27, 2024

6 Min Read

Infrastructure

Recent in Infrastructure

See All Infrastructure

Arati Prabhakar, director of the White House's Office of Science and Technology Policy

High Performance Computing

Biden’s Science Adviser Explains the New Hard Line on China Biden’s Science Adviser Explains the New Hard Line on China

byThe Washington Post

Jun 4, 2024

7 Min Read

Newsletters
How To…?
Industry Perspectives
Business Resources
Reports/Research
Online Events

Live Events
Videos
White Papers
Advertise With Us
About Us

Resource Library

Vulnerabilities & Threats
IT Security

SQL Server Cached Credentials Vulnerability

A vulnerability exists in Microsoft SQL Server 2000 and SQL Server 7.0 that can let an attacker execute SQL queries using the systems administrator (sa) security context.

Ken Pfeil

June 12, 2001

1 Min Read

Reported June 13, 2001, byMicrosoft.

VERSIONS AFFECTED

Microsoft SQL Server 2000
Microsoft SQL Server 7.0

DESCRIPTION
A vulnerability exists inMicrosoft SQL Server 2000 and SQL Server 7.0 that can let an attacker executeSQL queries using the systems administrator (sa) security context. When a userterminates a client connection to a SQL Server, the connection remains cachedfor a period of time because of performance reasons. One SQL query methodcontains this cache vulnerability, making it possible for an attacker to use thequery to reuse a cached connection that once belonged to the sa account. Anattacker can then take actions on the database (e.g., running code), and underthe right conditions, assume full control of the server.

VENDOR RESPONSE

Thevendor, Microsoft, has released securitybulletin MS01-032for this vulnerability, and recommends that users immediately apply the patchmentioned in Microsoft article "QueryMethod Used to Access Data May Allow Rights that the Login Might Not NormallyHave."

CREDIT
Discovered by Microsoft.