Microsoft rejects call to fix SQL password-exposure risk

Unpatched and staying that way.
Microsoft is butting heads with a company that provides software for database security over a weakness in SQL Server that can expose user passwords to anyone with administrative access to the program.
Researchers at San Mateo, California-based Sentrigo warned Wednesday that the "significant vulnerability" is present in the 2000, 2005, and 2008 versions of SQL Server that use the mixed authentication mode, aka the SQL Server and Windows Authentication Mode. While those with administrative privileges typically have the ability to change others' passwords, they should never be able to view those access codes in the clear, they say.

Further info: Microsoft rejects call to fix SQL password-exposure risk • The Register
 