KLA11168Multiple vulnerabilities in Microsoft SQL Server

2018-01-03T00:00:00
ID KLA11168
Type kaspersky
Reporter Kaspersky Lab
Modified 2019-03-07T00:00:00

Description

Detect date:

01/03/2018

Severity:

High

Description:

Multiple information disclosure vulnerabilities have been found in Microsoft SQL Server. Malicious user can exploit these vulnerabilities to obtain sensitive information. These vulnerabilities can be exploited remotelly via speculative execution side-channel attack to obtain sensetive information.

Affected products:

Microsoft SQL Server 2016 for x64-based Systems Service Pack 1 (CU)
Microsoft SQL Server 2016 for x64-based Systems Service Pack 1
Microsoft SQL Server 2017 for x64-based Systems (CU)
Microsoft SQL Server 2017 for x64-based Systems

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel). In addition, you may also need to install firmware updates from manufacturer of your device for increased protection. Check for relevant updates with manufacturer of your device.

Original advisories:

ADV180002

Related products:

Microsoft SQL Server

Microsoft official advisories:

KB list:

4058561
4057118
4057122
4058562
4058560
4058559
4057113
4057114
4057120
4057117
4057115
4057121
4057116