MS_SQL shellcode attempt


Code: p588

Severity: Warning


Description: This event is generated when a command is issued to an SQL database server that may result in a serious compromise of the data stored on that system.

Impact: Serious. An attacker may have gained administrator access to the system.

Corrective: Disallow direct access to the SQL server from sources external to the protected network. Ensure that this event was not generated by a legitimate session then investigate the server for signs of compromise Look for other events generated by the same IP addresses.