KLA12043 PE vulnerability in Microsoft SQL Server

Detect date:

01/12/2021

Severity:

High

Description:

An elevation of privilege vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to gain privileges.

Exploitation:

Public exploits exist for this vulnerability.

Affected products:

Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (GDR)
Microsoft SQL Server 2017 for x64-based Systems (CU 22)
Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (GDR)
Microsoft SQL Server 2012 for 32-bit Systems Service Pack 4 (QFE)
Microsoft SQL Server 2017 for x64-based Systems (GDR)
Microsoft SQL Server 2019 for x64-based Systems (GDR)
Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (CU 4)
Microsoft SQL Server 2012 for x64-based Systems Service Pack 4 (QFE)
Microsoft SQL Server 2016 Service Pack 2 for x64-based Systems (CU 15)
Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (GDR)
Microsoft SQL Server 2019 for x64-based Systems (CU 8)
Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU 4)

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2021-1636

Impacts:

PE

Related products:

Microsoft SQL Server

CVE-IDS:

CVE-2021-16368.8Critical

KB list:

4583461
4583456
4583457
4583459
4583462
4583465
4583458
4583460
4583463

Microsoft official advisories: