Microsoft SQL Server / MSDE Named Pipe Denial Of Service Vulnerability

info
discussion
exploit
solution
references

Microsoft SQL Server / MSDE Named Pipe Denial Of Service Vulnerability

Microsoft SQL Server and the Microsoft Data Engine have been reported prone to a denial of service attack.

Any local or remote user, who can authenticate and is part of the Everyone Group, may trigger a denial of service condition in an affected SQL Server.

It has been reported that, if a remote attacker sends an unusually large request to a named pipe, the SQL Server will become unresponsive.