All SQL Server products are affected by this remote code execution vulnerability. It can be exploited by attackers to run malicious code in the context of the SQL Server service account, so the privileges granted to that account bound what an attacker gains.

An attacker triggers the vulnerability by getting a specially crafted request processed by a vulnerable Microsoft SQL Server instance. The delivery paths described here are: the attacker serves the request from a server under their control; the user opens a malicious file; or the user visits a malicious website, typically after receiving an email or social media message that carries a malicious link. When the link is followed, the crafted request reaches the SQL Server instance on the user's computer, the vulnerable version processes it, and attacker-supplied code runs. Only a system that actually has a vulnerable Microsoft SQL Server installed, running and accepting the request is exposed; the links are just the delivery mechanism.
To protect against this threat, install the latest software updates for Microsoft SQL Server. Systems on which Microsoft SQL Server is not installed are not exposed; on systems where it is installed, apply the update and do not leave the service running if it is not needed.

SQL Server 2017

(Current Version)
Microsoft SQL Server 2017 is vulnerable to the same remote code execution flaw: an attacker who gets a specially crafted request processed by a vulnerable instance can run malicious code in the context of the SQL Server service account.
The delivery paths are those described above: a malicious website, or a social media message with a malicious link, which when clicked causes the crafted request to reach and be processed by the SQL Server instance on the user's computer. Users who have Microsoft SQL Server 2017 installed can therefore be made to run malicious code.
To protect against this threat, install the latest software updates for Microsoft SQL Server 2017 and do not leave the service running where it is not needed. Systems without the software installed are not exposed.

SQL Server - Vulnerable Version

Microsoft SQL Server is a database management system. In this case, Microsoft SQL Server 2016 is vulnerable. Microsoft has released a software update that fixes the vulnerability; if it has not yet been installed on the affected server, install it as soon as possible.
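Because the fix is "install the update" and the impact is "code runs as the SQL Server service account", the practical question on each server is: which build is installed, what account does the service run as, and is the instance reachable? The following T-SQL audit is an added example written for this page; it is not part of the original advisory or of any Microsoft tooling. It uses only documented SERVERPROPERTY values and the sys.dm_server_services, sys.tcp_endpoints and sys.configurations catalog views. The patched build numbers are not hard-coded because the advisory does not state them: @required_build is a placeholder you must set from the vendor update for the major version you are running.

```sql
-- Added example, not from the original advisory: a per-instance audit for this
-- vulnerability. Checks (1) installed build and update level, (2) the identity the
-- service runs as (the context attacker code would execute in), (3) network exposure,
-- and (4) OS-reaching features a compromised session could abuse afterwards.
SET NOCOUNT ON;

---------------------------------------------------------------------------
-- 1. Installed build and update level
---------------------------------------------------------------------------
DECLARE @product_version nvarchar(128) =
    CONVERT(nvarchar(128), SERVERPROPERTY('ProductVersion'));

-- ProductVersion is a four-part string such as 14.0.3456.2 (major.minor.build.revision),
-- so PARSENAME can split it and the parts can be compared as integers rather than text.
DECLARE @major   int = CONVERT(int, PARSENAME(@product_version, 4));
DECLARE @buildno int = CONVERT(int, PARSENAME(@product_version, 2));

-- Hypothetical threshold (assumption, not a value from the advisory): set this to the
-- fixed build for the running major version (13 = SQL Server 2016, 14 = SQL Server 2017)
-- before relying on the verdict column below.
DECLARE @required_build int = 0;

SELECT
    CONVERT(nvarchar(128), SERVERPROPERTY('Edition'))                AS edition,
    @major                                                           AS major_version,
    @product_version                                                 AS product_version,
    CONVERT(nvarchar(128), SERVERPROPERTY('ProductLevel'))           AS product_level, -- RTM, SP1, ...
    CONVERT(nvarchar(128), SERVERPROPERTY('ProductUpdateLevel'))     AS update_level,  -- CU number
    CONVERT(nvarchar(128), SERVERPROPERTY('ProductUpdateReference')) AS update_kb,     -- KB article
    CASE WHEN @required_build > 0 AND @buildno >= @required_build THEN 'patched'
         WHEN @required_build > 0                                  THEN 'NEEDS UPDATE'
         ELSE 'set @required_build' END                             AS patch_verdict;

---------------------------------------------------------------------------
-- 2. Service account: code executed through this bug runs as this identity, so
--    LocalSystem or a domain administrator turns an RCE into a host or domain compromise.
---------------------------------------------------------------------------
SELECT servicename, service_account, startup_type_desc, status_desc
FROM sys.dm_server_services;

---------------------------------------------------------------------------
-- 3. Network exposure: which TCP endpoints listen, on which port and address, and
--    whether SQL logins are accepted in addition to Windows authentication.
---------------------------------------------------------------------------
SELECT name, state_desc, port, is_dynamic_port, ip_address
FROM sys.tcp_endpoints;

SELECT CONVERT(int, SERVERPROPERTY('IsIntegratedSecurityOnly')) AS windows_auth_only;

---------------------------------------------------------------------------
-- 4. Post-exploitation surface: features that let a database session reach the OS.
--    Expect 0 for each unless a documented application needs it.
---------------------------------------------------------------------------
SELECT name, CONVERT(int, value_in_use) AS value_in_use
FROM sys.configurations
WHERE name IN ('xp_cmdshell', 'clr enabled', 'Ole Automation Procedures');
```

Run it with sqlcmd or SSMS as a login that holds VIEW SERVER STATE (needed for sys.dm_server_services). A service_account of LocalSystem, an endpoint on a static port bound to all addresses, and xp_cmdshell enabled are each worth fixing independently of the patch, because they decide how much an attacker gets from the same bug.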

Microsoft SQL Server – Vulnerability Scenario

This vulnerability can be exploited in three scenarios:
The user browses to a malicious website and clicks a malicious link.
The user receives an email or a social media message containing a malicious link.
The user has Microsoft SQL Server installed on their computer and the software update has not been installed automatically.
In every scenario the precondition is the same: an unpatched Microsoft SQL Server instance that processes the crafted request. Without that, the links deliver nothing.

Timeline

Published on: 09/13/2022 19:15:00 UTC
Last modified on: 09/16/2022 17:41:00 UTC
