Microsoft Switzerland Security Blog

Security information brought to you by the Swiss Security Team.

Unpatched database servers on the Internet


In his most recent publication (“The Database Exposure Survey 2007”, November 12, 2007), David Litchfield surveyed how many database servers on the Internet are listening on their default TCP ports without the protection of a firewall. According to the survey, 157 SQL Servers and 53 Oracle servers were found. Below are the key findings as reported in his survey.
• 4% of SQL Server systems were found to be completely unpatched.
• 66% of Oracle Server systems were running versions known to have critical vulnerabilities.

For me the real problem is not that so many servers are directly connected to the Internet - perhaps (or hopefully) there is a good reason for that - but if I were to expose those machines directly to the Internet, I would at least keep them up to date!


