Dec 24th, 2008 | No Comments

Just days after patching a critical flaw in its Internet Explorer browser, Microsoft is now warning users of a serious bug in its SQL Server database software.

Microsoft issued a security advisory late Monday, saying that the bug could be exploited to run unauthorized software on systems running versions of Microsoft SQL Server 2000 and SQL Server 2005.

Attack code that exploits the bug has been published, but Microsoft said that it has not yet seen this code used in online attacks. Database servers could be attacked using this flaw if the criminals somehow found a way to log onto the system, and Web applications that suffered from relatively common SQL injection bugs could be used as stepping stones to attack the back-end database, Microsoft said.

Desktop users running the Microsoft SQL Server 2000 Desktop Engine or SQL Server 2005 Express could be at risk in some circumstances, Microsoft said.

The bug lies in a stored procedure called “sp_replwritetovarbin,” which is used by Microsoft’s software when it replicates database transactions. It was publicly disclosed on December 9 by SEC Consult Vulnerability Lab, which said it had notified Microsoft of the issue in April.

“Systems with Microsoft SQL Server 7.0 Service Pack 4, Microsoft SQL Server 2005 Service Pack 3, and Microsoft SQL Server 2008 are not affected by this issue,” Microsoft said in its advisory.
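A quick exposure check a database administrator could run against an instance they manage, added here as an example and not taken from the article or from Microsoft's advisory; the version mapping and the hardening step at the end are assumptions noted in the comments.

```sql
-- Added example (not from the article): does this instance fall in the affected range,
-- and who can reach sp_replwritetovarbin? Run as sysadmin on an instance you administer.
-- Assumed mapping of ProductVersion major numbers: 8.x = SQL Server 2000, 9.x = 2005, 10.x = 2008.
-- Per the advisory quoted above, 2005 SP3 and 2008 are not affected; 2000 and 2005 below SP3 are.
SELECT SERVERPROPERTY('ProductVersion') AS product_version,
       SERVERPROPERTY('ProductLevel')   AS product_level,   -- e.g. 'SP2', 'SP3'
       SERVERPROPERTY('Edition')        AS edition;         -- shows Desktop Engine / Express

-- Confirm the procedure named in the article is present on this instance.
USE master;
SELECT OBJECT_ID('sp_replwritetovarbin') AS proc_object_id;  -- NULL means not present

-- SQL Server 2005 only (these catalog views do not exist on 2000): explicit grants on the
-- procedure. No rows means only the default permissions apply; a grant to 'public' means any
-- authenticated login, including one reached through an injectable web application, can call it.
SELECT pr.name AS grantee,
       pe.permission_name,
       pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class = 1                                          -- object-level permissions
  AND pe.major_id = OBJECT_ID('sp_replwritetovarbin');

-- Illustrative hardening step (an assumption here, not something the article states):
-- withhold execute from the public role until the fix is applied. Replication relies on
-- this procedure, so check the vendor advisory and your replication setup before applying it.
-- DENY EXECUTE ON sp_replwritetovarbin TO public;
```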

Written by Ajay Matharu

December 24th, 2008 at 3:21 am

Dec 24th, 2008 | No Comments

There’s a long-standing argument over the differences between “open-source” software and “free” software. But a more common error outside of software ideology circles is the belief that you can use open-source software any way you please. Nope. Wrong. It’s never been that way.

Cisco, the networking giant, should know better than this, but they’ve worn out the FSF’s (Free Software Foundation) patience. So, Cisco is now being sued by the SFLC (Software Freedom Law Center) on behalf of the FSF for Linux and other GPL copyright violations.

You see, Cisco, like many other networking companies, uses Linux and other free software programs like GCC, binutils, and the GNU C Library in its products. Specifically, Cisco uses these programs in its Linksys line. In fact, the FSF first brought Cisco’s improper use of open-source code to the company’s attention back in 2004 over its use in the Linksys WRT54G wireless router.

The FSF wasn’t looking for money. The cost that comes with using free software code is that, if you sell or distribute programs or products that use the GPLed code, you have to share your modified code with its users.

That’s not much, but some companies, after adding their special sauce, don’t want to share. That’s a big, dumb mistake.

In the last few years, the SFLC has been suing other companies that try to play fast and loose with GPLed programs. And, you know what? The SFLC has been scoring one knockout after another.

As sure as the sun rises in the east, Cisco is going to lose this case.

If Cisco had just played by the rules, all that would have happened is that some code improvements would have been shared with the rest of the world. As companies like Red Hat, which do play by the free software rules, have shown, you can be a multi-billion dollar company with open source.

Now, Cisco will end up having to open its code anyway, and it will have to pay out cash to the FSF. Cisco would have been far smarter to pay the ‘cost’ of open-source software in the first place and just share the code. After all, since Cisco had already benefited from using open source, you’d think they would have figured out that participating in open source development would only have been to their benefit. Oh well, some companies have to learn the hard way.

Written by Ajay Matharu

December 24th, 2008 at 3:05 am

Posted in Misc