Microsoft JDBC Driver 6.2 for SQL Server now available

New version of driver adds some interesting features 
14 July 2017   2030

According to Technet Blog of Microsoft, developers of JDBC driver for SQL Server recently released version 6.2. The JDBC Driver provides Java database connectivity from any Java application, application server or Java-enabled applet to Microsoft SQL Server, Azure SQL Database and Azure SQL Data Warehouse. The driver is open source and available at no additional charge.

New features  

Let's figure out what developers had made for users. 

Performance improvements for Prepared Statements
Can be tuned using new properties to become more suitable for your application.

Azure Active Directory (AAD) support for Linux
You can connect your Linux applications to Azure SQL Database using AAD authentication via username/password and access token methods.

Federal Information Processing Standard (FIPS) enabled Java virtual machines
The JDBC Driver can now be used on Java virtual machines (JVMs) that run in FIPS 140 compliance mode to meet federal standards and compliance.

Kerberos Authentication Improvements 
Now this driver has support for:

  • Principal/Password method for applications where the Kerberos configuration cannot be modified or is unable to retrieve a new token or keytab. This method can be used for authenticating to a SQL Server that only allows Kerberos authentication.
  • Cross-realm authentication using Kerberos integrated authentication without explicitly setting the server service principal name (SPN). The driver now automatically computes the REALM even when it has not been provided.
  • Kerberos constrained delegation by accepting impersonated user credentials as a GSS credential object via data source. This impersonated credential is then used to establish a Kerberos connection.

Added Timeouts
The JDBC driver now supports the following configurable timeouts you can change based on your application’s needs:

  • Query Timeout to control the number of seconds to wait before a timeout occurs when running a query
  • Socket Timeout to specify the number of milliseconds to wait before a timeout occurs on a socket read or accept

Related links 

You can download the JDBC driver 6.2 jars directly from:

  • Maven Central Repository
  • Microsoft Download Center
  • GitHub

Or you can add the new driver to your Maven project by adding the following code to your POM file:

<dependency> 
    <groupId>com.microsoft.sqlserver</groupId> 
    <artifactId>mssql-jdbc</artifactId> 
    <version>6.2.0.jre8</version> 
</dependency>

Developers also ask to help them improve their product and submit any spotted issues.

Chinese Hackers to Infect Servers With Hidden Miners

According to the research, 50k MS-SQL and PHPMyAdmin Windows servers around the world are infect with hidden miners by APT campaign
31 May 2019   529

The Chinese APT group injects cryptocurrency miners and rootkits into MS-SQL and PHPMyAdmin Windows servers around the world. According to specialists from Guardicore Labs, since February 2019, attackers have been able to compromise more than 50,000 servers.

Number of Infections Over Time - The Nansh0u Campaign
Number of Infections Over Time - The Nansh0u Campaign

The malicious campaign was named Nansh0u. The attackers hack Windows MS-SQL and PHPMyAdmin servers using brute-force, and then infect them with malware. Experts found 20 versions of malicious modules.

To prevent the completion of the process, the expired digital certificate of the dummy company Hangzhou Hootian Network Technology, issued by Verisign certification center, was used.

Nansh0u Campaign Attack Flow
Nansh0u Campaign Attack Flow

This campaign demonstrates once again that common passwords still comprise the weakest link in today’s attack flows. Seeing tens of thousands of servers compromised by a simple brute-force attack, we highly recommend that organizations protect their assets with strong credentials as well as network segmentation solutions.
 

Guardicore Team

Specialists from Guardicore Labs note that servers with unreliable credentials are in the first place at risk. To check the system for the presence of malware, experts recommend using a free script.