Business and enterprise software, and other applications that help a business run

The problem has nothing to do with Microsoft's software, it's lazy web developers not properly sanitizing their database inputs. No patch from Microsoft will be able to fix this flaw, it all has to be done by web developers to fix security holes in how their site's code handles data inputs. I'm sure the attack could be just as easily preformed on another type of server, just the database commands would have to be changed up a bit.

Michael, please do a bit more homework before you start bashing next time? It would seem that you suffer the same problem as many web developers today - just not willing to put the time in to deliver quality work. Its too bad really.

I'm sorry Microsoft hasn't publicly apologized for their software not automatically covering up for developer stupidity.

If the programmer didn't sanitize their inputs properly, there's little IIS or any other server software could've done about it.

Sorry guys. You may apologize for them if you want to. If they would not make you jump through hoop after hoop to write their way out of the problem, they would have done their job. They could fix it once, but they haven't. Coders have to fix it thousands of time because they didn't.

I have no sympathy. That's what one gets for using toy software. Get yourself some real software.

SQL injection is the result of poor programming, like, trusting client side input, building SQL queries dynamically instead of using parameters. It has little to do with the software running the web server or the database back end.

SQL injection is a lot more frequent with scripting language that are powerful and easy to use, like PHP. All database engines are prone to it. Nobody is immune.

Security needs to be built on every layers of the application; drop database master;