should i patch the new MDAC vulnerability

M

Max

Hi,

I have read about the latest vulnerability on MDAC and the patches available
from Microsoft.

My question: whether I need to apply this patch to my enterprise servers
(windows 2000 server) and clients (windows XP) as we do not use any SQL
servers in our environment. But I know that MDAC is installed by default.

any comments?
 
I

IBTerry [MSFT]

It just depends on what level of risk you are willing to accept. You are
correct that this is an MDAC patch that is to protect SQL servers. Since
you do not have any SQL servers then your risk exposure at this time is
probably pretty low.
My only problem is that if you do not patch the systems and someone adds an
sensitive SQL server(HR database) to your network you will be exposed to
this issue. Also if you have a large environment it can be hard to be 100%
sure there are no versions of SQL on the network. In my opinion you should
install the patch at your earliest convenience.

IBTerry [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.
 
M

Max

You're quite right. Thanks for the tip.

May I ask whether the vulnerability affects MS Access database or other
types of databases as well?
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

MDAC NEW PATCH PROBLEMS 3
How to test MDS (Zombieload) patch status on Windows systems 1
Windows GDI Interface Buffer Overflow Vulnerability 1
Frontpage Security Vulnerability 2
Why can't MDAC version be verified in WinXP..? 1
New MDAC patch 3
MDAC Problem 1
Different version of MDAC Causing Writing to SQL 2000? 1

Top