A vulnerability has been identified in the built-in Windows firewall affecting Windows 7, Windows Vista, Windows Server 2008, Windows XP with Service Pack 2 and later, and Windows Server 2003 with Service Pack 1 and later. While an administrator can set detailed security policies for different profiles, when certain traffic is sent such as NBNS lookups, the rules are bypassed by Windows.

This enables an attacker to abuse this vulnerability in order to poison NetBIOS names. More information in the advisory.

2009-06-17

According to the WhiteHat Website Security Statistics Report from 2009, SQL injection vulnerabilities make up to 17% of all web application vulnerabilities. Besides being very common, SQL injection vulnerabilities typically allow an attacker to read or even modify arbitrary data in the database used by the web application. This increases the risk resulting from such vulnerabilities.

In order to increase the overall security of web applications, companies today often implement web application firewalls or filters. While web application firewalls can indeed stop certain attacks, they are not a complete solution to web application vulnerabilities.