by lawnchair_larry 4832 days ago
This bug shouldn't be a huge deal because if you are treating your sensitive database server as anything but exploitable from any machine with network access, you've already lost.

Even if your DB server is properly restricted, you should still patch quickly, but there is no way that it should be reachable unless you're already heavily compromised.

2 comments

Unless it's something that compromises query/statement integrity from normal user input; a character set problem, for instance.
Yep, there are a few potential ways that could be exceptions, depending on the bug. But let's not kid ourselves, nobody in the real world properly quarantines their DB servers anyway ;)
This is a pretty firewall-happy mindset. Some of us don't have any "internal networks" as a matter of principle.
There are varying degrees of "firewall happiness" and reasonable minds can disagree as to how far you go to balance convenience/security, but...you don't do any network segmentation as a matter of principle? Either I don't understand what you are saying, or you need to make a case for the immediate termination of everybody in charge of your network.