Microsoft Confirms New SQL Server Threat, the threat is essentially software code code that hackers could use to access or alter corporate database built with SQL Server. The malicious code could allow what's kjavascript:void(0)nown in IT security as remote code execution, a process by which hackers could, for instance, alter figures in a bank account without ever setting foot on the bank's premises.

The software that are vulnerable to the threat are SQL Server 2000, SQL Server 2005, SQL Server 2005 Express Edition, SQL Server 2000 Desktop Engine, and Windows Internal Database (WYukon) are all potentially vulnerable to the threat. It added, however, that it's not aware of any attacks having actually been carried out.

The threat does not affect SQL Server 7.0 Service Pack 4, SQL Server 2005 Service Pack 3, or SQL Server 2008. This information was confirmed by Microsoft.