KLA11310 ACE vulnerability in Microsoft SQL Server

Detect date:

08/14/2018

Severity:

Critical

Description:

A buffer overflow vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability via specially crafted query to execute arbitrary code.

Affected products:

Microsoft SQL Server 2016 for x64-based Systems Service Pack 1
Microsoft SQL Server 2016 for x64-based Systems Service Pack 1 (CU)
Microsoft SQL Server 2016 for x64-based Systems Service Pack 2
Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (CU)
Microsoft SQL Server 2017 for x64-based Systems
Microsoft SQL Server 2017 for x64-based Systems (CU)

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2018-8273

Impacts:

ACE

Related products:

Microsoft SQL Server

KB list:

4293808
4293805
4293802
4293803
4458621
4458842

Microsoft official advisories: