KLA11083Information Disclosure vulnerability in Microsoft SQL Server

2017-08-08T00:00:00
ID KLA11083
Type kaspersky
Reporter Kaspersky Lab
Modified 2019-03-07T00:00:00

Description

Detect date:

08/08/2017

Severity:

Warning

Description:

An incorrect enforcement of permissions was found in Microsoft SQL Server Analysis Services. By exploiting this vulnerability malicious users can obtain sensitive information.

Affected products:

Microsoft SQL Server 2012 Service Pack 3
Microsoft SQL Server 2014 Service Pack 1
Microsoft SQL Server 2016

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2017-8516

Impacts:

OSI

Related products:

Microsoft SQL Server

CVE-IDS:

CVE-2017-85165.0Warning

Microsoft official advisories:

KB list:

4019092
4019090
4019091
4032542
4019093
4036996
4019088
4019086
4019089
4019095