Tuesday 12/23 Update: Microsoft Security Advisory 961040

Hello, Bill here,


I want to provide you with a quick update regarding our recently released security advisory.


In the advisory we provide a workaround to help customers protect themselves from attackers trying to exploit this vulnerability.  Customers have told us that its helpful when we provide information and guidance on how to automate the deployment of workarounds, so we have taken this a step further and worked with the SQL Engineering Team to providing Enterprise and Business Users a script that applies the workaround on all running instances of SQL Server on the local computer. Essentially, the script iterates through the running instances of SQL Server and denies execute permissions on sp_replwritetovarbin to “public” on all the affected versions. You can find additional information on this script and how to use it in Knowledge Base Article 961040.


I also want to bring to your attention an entry that was posted yesterday, and updated today, at the Security Vulnerability Research & Defense blog. The blog covers a number of technical details related to this vulnerability to help customers better understand the risks, mitigations, and attack surface of the vulnerability and how attackers might use it.


Lastly, I wanted to note that we are actively working with partners in our Microsoft Active Protections Program (MAPP) and our Microsoft Security Response Alliance (MSRA) programs to provide information that they can use to provide broader protections to customers.


Bill Sisk

*This posting is provided “AS IS” with no warranties, and confers no rights.*