A remote attacker can send specially crafted queries to the SQL Server via HTTP requests. Such requests can be received by a vulnerable server and executed. In order to exploit this vulnerability, an attacker must be able to send SQL requests to the SQL Server. This can be done by an authenticated user or by an attacker who has access to the SQL Server as a privileged user. CVE-2022 Severity rating: Critical An attacker must be able to send specially crafted SQL requests to the SQL Server to exploit this vulnerability. The privileged user account required for exploiting this vulnerability is a Domain Administratoin account. A low privileged user account such as a contract employee or end user is not able to exploit this vulnerability. The SQL Server is vulnerable to this issue if the default installation is used, if a SQL login is used, if the SQL service is enabled, or if the SQL Server is running in Windows Remote Desktop Services mode. What’s an OLE DB Provider? An OLE DB Provider is a software component that allows a user application to access data in a data store by using the programming interface defined by the data store. For example, when you open a word processor and type in a document, the word processor accesses the data stored in the document using the OLE DB API. Similarly, when you open a spreadsheet application and enter data in one or more of the columns, the spreadsheet application accesses data stored in the spreadsheet using the OLE DB API.

Vulnerability overview:

SQL Server running on Windows is vulnerable to an issue where a remote attacker may send specially crafted SQL queries to the server and execute them. This vulnerability can be triggered by an authenticated user or by an attacker who has access to the SQL Server as a privileged user.

Vulnerability overview

The SQL Server is vulnerable to this issue if the default installation is used, if a SQL login is used, if the SQL service is enabled, or if the SQL Server is running in Windows Remote Desktop Services mode.

How to determine if your SQL Server is vulnerable?

To determine if your SQL Server is vulnerable, first determine if you are using the default installation of SQL Server. If so, the SQL Server is vulnerable to this issue. Next, determine if a SQL login is used in any instance. If so, the SQL Server is vulnerable to this issue. Next, determine if the SQL service is enabled. If so, the SQL Server is vulnerable to this issue. Finally, determine if your server runs in Windows Remote Desktop Services mode. If so, the SQL Server is also vulnerable to this issue.

How Does SQL Server OLE DB Provider Vulnerability Work?

If you have a SQL Server database server that is vulnerable to the OLE DB Provider vulnerability, an attacker may be able to send specially-crafted queries to the database server. Such requests can be received by the database server and executed.
To exploit this vulnerability, an attacker would need to send specially-crafted queries to the SQL Server via HTTP requests. These requests can be received by a vulnerable server and executed. In order to exploit this vulnerability, an attacker must be able to send SQL requests to the SQL Server as a privileged user.

Timeline

Published on: 09/13/2022 19:15:00 UTC
Last modified on: 09/17/2022 00:14:00 UTC

References