
Security Update for SQL Server

This month Microsoft released a rare patch for SQL Server: a Security Update to fix a vulnerability within Reporting Services.

We'd urge you to check the bulletin's list of affected SQL Server versions. Or rather, since so many versions are affected, scroll to the list of non-affected versions. If your install is listed there, breathe easy. If not, this update's for you.

I installed and function-tested the update on SQL 2008. It's straightforward, and SQL Server needs a restart to kick it in, which means an outage if you're applying this to a core business server.

This patch covers a vulnerability in Reporting Services. Through this loophole, malicious code could elevate access privileges, gain control and cause some damage. The malicious code could be planted on a web site or in an advertisement. Looking innocent enough, it's the sort of thing anybody could trigger.

The link between an external web site or advertisement and your internal SQL Server is not spelled out in the MS documentation. However, Microsoft give this an "Important" rating, which means they know the threat exists. The patch software targets Reporting Services components, which implies that an environment with web-based interfaces to Reporting Services would be at risk.


Link to: Security Bulletin

Link to: Security Update


Securely yours,
Pete Q

