In the news this week, I saw something that surprised me. It wasn't in my technical news, but rather on CNN that there was an announcement of a Java vulnerability. I had seen this listed in tech news, but hadn't paid a lot of attention to it since I tend not to use Java on my browsers. The few places that require it remind me to turn it on and usually update it. However there's a vulnerability in Java that is being attacked widely and US-CERT issued an advisory asking people to disable Java on their browsers. If you're not sure how to do this, a quick search on the Internet should help you. 

For most of us that use SQL Server, this isn't likely an issue for our database systems. Java is typically not how our servers are accessed. There are people that use Java to access SQL Server instances, and for those people, I'd suggest you carefully watch your systems, understand the potential issues, and ensure you have good point to  point security enabled in your firewalls or routers.

Lots of our software has security issues and there are alerts being issued regularly by vendors and various security agencies. If you browse the 2012 alerts from CERT, you will see the list dominated by Microsoft products, of which there are many. Not all of them apply to SQL Server instances, but some do and you should subscribe to some bulletin service and be aware of the patches that are being released for the software you run.

Better security also comes from limiting the services you run on systems, not installing optional software, and using someting like the Best Practices Analyzer to check your installations and ensure you are not making common mistakes that can be exploited by anyone.