SQL Server Email - vulnerability issues and prevention strategies

Author: Frank Ress Published May 8, 2011 from SANS

This paper will explore some of the ways this feature could be used by both legitimate users and intruders. Installation and configuration of the utility will be briefly described in enough detail to support the ensuing discussion of the vulnerability. Finally, a number of strategies will be suggested that could be used to minimize the vulnerabilities exposed by use of this feature.