KLA11661 ACE vulnerability in Microsoft SQL Server

2020-02-11T00:00:00
ID KLA11661
Type kaspersky
Reporter Kaspersky Lab
Modified 2020-06-03T00:00:00

Description

Detect date:

02/11/2020

Severity:

High

Description:

An unspecified vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to execute arbitrary code.

Affected products:

Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (GDR)
Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (GDR)
Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (CU)
Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (CU)
Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU)
Microsoft SQL Server 2012 for x64-based Systems Service Pack 4 (QFE)
Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (GDR)
Microsoft SQL Server 2012 for 32-bit Systems Service Pack 4 (QFE)

Solution:

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Original advisories:

CVE-2020-0618

Impacts:

ACE

Related products:

Microsoft SQL Server

CVE-IDS:

CVE-2020-0618 6.5 High

KB list:

4532097
4535706
4532098
4535288
4532095

Microsoft official advisories: