Just say the ‘magic password’: Boffins turn up potential backdoor in SQL Server 2012, 2014

From theregister.co.uk

magic wand over hat magician

Security researchers at ESET have published details of a backdoor into Microsoft’s SQL Server via hooks and the splendidly named “magic passwords”.

The backdoor, which targets SQL Server 2012 and 2014, has the ability to leave a miscreant with stealthy access to a compromised server and forms part of the arsenal of a malware group dubbed “Winnti” by researchers.

The Register spoke with ESET malware bod Mathieu Tartare about the research and the risk posed by backdoor.

Read more…