database security

As of July 8, 2025, there is no publicly available information regarding a vulnerability identified as CVE-2025-49719 affecting Microsoft SQL Server. It's possible that this CVE has not been disclosed or does not exist. However, several remote code execution vulnerabilities have been identified...

A critical security vulnerability, identified as CVE-2025-49717, has been discovered in Microsoft SQL Server, posing a significant risk to organizations worldwide. This heap-based buffer overflow vulnerability allows authenticated attackers to execute arbitrary code over a network, potentially...

PingCAP's recent collaboration with Microsoft Azure marks a significant milestone in the evolution of distributed SQL databases, particularly with the introduction of TiDB Cloud Dedicated in public preview on Azure. This partnership aims to provide enterprises with a robust, scalable, and fully...

A recent massive data breach has exposed over 184 million user records, compromising sensitive information from major platforms such as Apple, Google, Meta, Microsoft, Instagram, and Snapchat. The breach includes emails, passwords, and authorization URLs, all stored in plain text, making them...

In an era where data breaches have become an ever-present risk for organizations, cybersecurity experts are witnessing a noteworthy shift in the methods used by threat actors to steal sensitive information. Instead of relying solely on traditional malware, attackers are increasingly leveraging...

A significant vulnerability in one of the most widely used enterprise database communication protocols has prompted urgent action across the IT landscape, with Oracle’s patch for CVE-2025-30733 shining a spotlight on the persistent risks inherent in legacy technology. With databases lying at the...

There’s a renewed buzz in the Windows and database administration communities this week as Microsoft officially unveiled the public preview of SQL Server 2025 at Microsoft Build. The announcement is much more than another version number bump—it marks a significant leap in Microsoft’s on-premises...

Microsoft has taken a bold new step in the evolution of enterprise data management with the public preview release of SQL Server 2025, signaling a significant turning point for organizations seeking robust, AI-driven, and developer-focused database solutions. This major update, unveiled at Build...

In the ever-capricious world of SQL Server management, where every version number is both a badge and a potential migraine, Devart has dropped its latest update like a tactical nuke: dbForge Tools for SQL Server 7.1 is here, bringing support for SQL Server 2025, the SSMS 21 Preview, and the...

If you’re a fan of gray industrial boxes, blinking lights, and the invisible hand that puppeteers much of the world’s infrastructure, then Siemens TeleControl Server Basic might be right up your alley. Or, at least, it was—until a parade of high-severity SQL injection vulnerabilities marched...

Microsoft Access has long been a cornerstone for database solutions in many organizations, but even trusted, longstanding applications aren't immune to emerging security threats. The latest vulnerability, CVE-2025-26630, highlights a use-after-free flaw in Microsoft Office Access that may allow...

In a digital landscape where vulnerabilities lurk in every corner, a new threat has been unearthed: CVE-2024-49006. This vulnerability, affecting the SQL Server Native Client, poses serious concerns for Windows users and organizations relying on Microsoft’s database solutions. Let’s dive into...

Overview The recently disclosed CVE-2024-37318 pertains to a significant security vulnerability found within the SQL Server Native Client OLE DB Provider. This vulnerability raises serious concerns regarding remote code execution, highlighting the potential risks that systems using this...

On July 9, 2024, a significant security advisory was released concerning a newly identified vulnerability, CVE-2024-21373, affecting the SQL Server Native Client OLE DB Provider. This vulnerability poses a potential remote code execution threat, which could allow an attacker to execute arbitrary...

Hi, Who can help me to put back conroller3 within the trust? Or help me to allow controller4 to take control on th entire AD. Issue: We have two servers in an Active Directory Cluster with no GUI. Everything is done by powershell. One is called Controller3 and the other one Controller4...

In this Data Exposed episode Scott welcomes Ron Matchoro, a Senior Program Manager on the SQL Security team, to talk about a new Threat Detection feature on Azure SQL Database, which is about to be released for Preview. SQL Database Threat Detection provides a new layer of security, which...

In this episode of Data Exposed, Scott Welcomes not one, but TWO individuals to the show. Today, both Tommy Mullaney and Raul Garcia, Program Managers on the SQL Server SQL Security team, visit the show to talk about a new security feature in SQL Server 2016 called Row Level Security (RLS). In...