Lucene search
MicrosoftKB5001284HistoryMar 09, 2021 - 8:00 a.m.
Description of the security update for Power BI Report Server (May 2020): March 9, 2021 (KB5001284)
2021-03-0908:00:00
Microsoft
support.microsoft.com
9
0.008 Low
EPSS
Percentile
81.6%
Description of the security update for Power BI Report Server (May 2020): March 9, 2021 (KB5001284)
Summary
| A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services if it incorrectly handles page requests. An attacker who successfully exploits this vulnerability could execute code in the context of the Report Server service account. An internal API that is used for large PBIX file requests allows a file path property. The reporting services process may try to write a temporary file to a remote path. If the NTLM hash is broken on a target computer, the attacker could get the credentials for the report server process. To learn more about the vulnerability, see CVE-2021-26859.Power BI Report Server is updated to the following builds in this security update.Product name | Product version | File version |
|---|---|---|
| Power BI Report Server | 15.0.1103.241 | 1.8.7710.3956 |
How to obtain and install the update
This update is available for download from the Microsoft Download Center:
- Download the package now
Release Date: March 9, 2021
Prerequisites
To apply this update, you must have any version of Power BI Report Server (May 2020) installed.
Related
cvelist
cvelist
CVE-2021-26859 Microsoft Power BI Information Disclosure Vulnerability
2021-03-11 15:35:31
nessus
nessus
Security Update for Microsoft Power BI Report Server (March 2021)
2021-03-11 00:00:00
mskb
mskb
mscve
mscve
Microsoft Power BI Information Disclosure Vulnerability
2021-03-09 08:00:00
cve
cve
CVE-2021-26859
2021-03-11 16:15:00
prion
prion
Information disclosure
2021-03-11 16:15:00
kaspersky
kaspersky
KLA12113 OSI vulnerability in Microsoft SQL Server
2021-03-09 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - March 2021
2021-03-09 22:13:03