Microsoft Supplies Script to Apply SQL Bug Workaround
If you are thinking of implementing the workaround Microsoft supplied for the SQL vulnerability the company announced this week, and you're worried about the time it will take, things may have just gotten easier. Microsoft released a Windows Script Host VBScript that implements the workaround on all affected SQL products on the computer on which the script runs. Specifically, it denies Execute permission to the Public role on the sp_replwritetovarbin extended stored procedure in those copies.

You need sufficient permissions to run the script, specifically the sysadmin role for each instance of SQL Server. If you don't have one account that runs as sysadmin on every instance, you may have to run the script under multiple accounts. On Vista and Windows Server 2008 you probably have to run it from an elevated command prompt. Microsoft doesn't recommend using it if you've implemented a patch, so if you want to gamble that a patch will be out soon, don't bother with this.

How much harder would it have been for Microsoft to put a /UNDO switch on this script to reverse the workaround, as users will want to do once a patch is out? Actually, it's a little more complicated than that: some users may have changed that permission for other reasons, and you'd only want to reverse the effects of changes made with this script. So the script would need to store the old permissions somewhere and restore them. Whatever, it's a small lost opportunity.
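
The save-and-restore approach described above could look like the following T-SQL. This is an added example, not Microsoft's script. It assumes SQL Server 2005 or later (it reads the sys.database_permissions catalog view), and the backup table name dbo.workaround_perm_backup is hypothetical.

```sql
-- Added example, not Microsoft's script. Assumes SQL Server 2005 or later.
-- dbo.workaround_perm_backup is a hypothetical table name. Run as sysadmin.
USE master;

DECLARE @undo bit;
SET @undo = 0;   -- 0 = save state and apply the workaround, 1 = restore the saved state

IF OBJECT_ID('dbo.workaround_perm_backup') IS NULL
    CREATE TABLE dbo.workaround_perm_backup (
        saved_at   datetime     NOT NULL DEFAULT GETDATE(),
        state_desc nvarchar(60) NULL  -- 'GRANT', 'DENY', or NULL if no explicit entry existed
    );

IF @undo = 0
BEGIN
    -- Record the pre-workaround state only once, so that a second run
    -- does not overwrite it with the DENY this script itself created.
    IF NOT EXISTS (SELECT 1 FROM dbo.workaround_perm_backup)
        INSERT INTO dbo.workaround_perm_backup (state_desc)
        SELECT (SELECT TOP 1 p.state_desc
                FROM sys.database_permissions AS p
                WHERE p.class = 1            -- object-level permission
                  AND p.major_id = OBJECT_ID('sp_replwritetovarbin')
                  AND p.minor_id = 0
                  AND p.type = 'EX'          -- EXECUTE
                  AND p.grantee_principal_id = DATABASE_PRINCIPAL_ID('public')
                ORDER BY CASE p.state WHEN 'D' THEN 0 ELSE 1 END);  -- an existing DENY wins

    DENY EXECUTE ON sp_replwritetovarbin TO public;   -- the workaround itself
END
ELSE IF EXISTS (SELECT 1 FROM dbo.workaround_perm_backup)  -- nothing saved, nothing to undo
BEGIN
    DECLARE @old nvarchar(60);
    SELECT TOP 1 @old = state_desc FROM dbo.workaround_perm_backup ORDER BY saved_at;

    IF @old LIKE 'GRANT%'
        GRANT EXECUTE ON sp_replwritetovarbin TO public;     -- GRANT also removes the DENY
    ELSE IF @old IS NULL
        REVOKE EXECUTE ON sp_replwritetovarbin FROM public;  -- drop the DENY, leave no explicit entry
    -- @old = 'DENY': Execute was already denied before the workaround, so it stays denied.

    DROP TABLE dbo.workaround_perm_backup;
END
```

Run it once per instance with @undo = 0 to apply the workaround, and again with @undo = 1 after the patch is installed.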

Comments (1)
Thank you Larry
Posted by devturkler | January 20, 2009 7:17 AM