Microsoft emergency security announcement: Beware of SQL attacks

Microsoft emergency security announcement: Beware of SQL attack outbreak http://tech.sina.com.cn/roll/2008-12-26/0952934911.shtml

Http://www.microsoft.com/china/technet/security/advisory/961040.mspx

Microsoft's official temporary solution

Reject sp_replwritetovarbin permission to extend the Stored Procedure

Use one of the following processes:

? To deny access to stored procedures, connect to SQL Server as SysAdmin using osql.exe or sqlcmd.exe or through SQL Server Management studio and execute the following T-SQL script:

Use master
Deny execute on sp_replwritetovarbin to public

To use SQL Server Management to deny access to stored procedures:

1. Use the Enterprise Manager as SysAdmin to connect to the SQL Server
2. Select the desired server from the SQL Server Enterprise Manager window
3. Expand the database
4. Expand "master server"
5. Click extend stored procedure ". A list of stored procedures is displayed.
6. From the stored procedure list, right-click sp_replwritetovarbin and select "properties"
7. In the "properties" window, click "Permissions"
8. Under user/database role/public, find "public" and click the box in the exec column. The box is changed to a red X.
9. Click "OK" twice

Possible impact of execution denial of permission:
Disabling the sp_replwritetovarbin extended stored procedure prevents all users from subscribing to table updates. This work und only affects customers who use transactional replication with updatable subscriptions. Customers who use transactional replication with read-only subscriptions, bidirectional transactional replication, or peer-to-peer transactional replication are not affected.