Late Monday, Microsoft released an advisory confirming that a remote code execution vulnerability affects the company’s SQL Server line.
The weakness affects Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine (MSDE 2000), Microsoft SQL Server 2000 Desktop Engine (WMSDE) and Windows Internal Database (WYukon).
The only systems not affected by the vulnerability are those running Microsoft SQL Server 7.0 Service Pack 4, Microsoft SQL Server 2005 Service Pack 3 and Microsoft SQL Server 2008.
Microsoft said in the advisory that it was not aware of any active attacks exploiting the SQL Server weakness, adding that it was constantly monitoring the issue so that it could offer customers guidance if necessary.
The flaw was reported on December 4 by SEC Consulting, but at that time Microsoft did not acknowledge the problem, which left SEC Consulting no choice but to make the existence of the vulnerability public.
Currently, word has it that Microsoft is planning to fix the bug in January or February.
SQL Server is a business database engine, with SQL standing for Structured or Standard Query Language.
Attacks on the product line can take the form of hackers using altered SQL Server requests to inject malicious content into a database, which can affect business transactions or information stored in user accounts.