raiserror and xp_sprintf have in the past been liable to overrrun attacks.
But blocking my use of them OUTGOING means I can't manage or maintain any stored procedures that use these keywords, which means I can't manage our databases AT ALL.
This is a huge flunk, especially considering you even block them when they are in comments. The entire connection is lost.
To be clear, the following apps will fail on any attempt to modify or create stored procedures that use these:
SQL Server Management Studio
Visual Studio
This really needs to be fixed.The latest sig file from almost a year ago does not address this, according to release notes.
Basically, I have completely disable IPS to use these valid programs.