Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mskbMicrosoftKB5010657
HistoryFeb 08, 2022 - 8:00 a.m.

KB5010657 - Description of the security update for SQL Server 2019 GDR: February 8, 2022

2022-02-0808:00:00
Microsoft
support.microsoft.com
108

8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

KB5010657 - Description of the security update for SQL Server 2019 GDR: February 8, 2022

Summary

This security update fixes an escalation of privileges vulnerability in a Linux virtual machine (VM) that’s running Microsoft SQL Server 2019 Linux container images. To learn more about the problem, see CVE-2022-23276.This vulnerability is not present on servers that are running SQL Server 2019 on Linux bare metal or VMs. This vulnerability is exposed only in SQL Server 2019 Linux container images. Therefore, this update is highly recommended for customers who have deployed SQL Server 2019 Linux container images.The SQL Server components are updated to the following builds in this security update.Component Build version File version
SQL Server 15.0.2090.38 2019.150.2090.38 Azure Arc

This security update fixes the following issue:

Improvements in this update

This update adds an improvement for capturing memory dump files if Microsoft SQL Server 2019 on Linux stops responding.

How to obtain and install the update

Refer to the information that applies to your product.

__

SQL Server 2019 on Linux

To update SQL Server 2019 on Linux to the latest CU, see Configure repositories for installing and upgrading SQL Server on Linux.

__

Azure Arc-enabled SQL Managed Instance

To update Azure Arc-enabled SQL Managed Instance to the latest CU, see the “January 2022” section of Release notes - Azure Arc-enabled data services.

__

Azure SQL Edge

To update Azure SQL Edge to the latest CU, see Azure SQL Edge release notes.

Download tags

To download the update, use the following tags, as appropriate.Linux distribution Tag
Ubuntu 16.04 2019-gdr3-ubuntu-16.04
RHEL 7.x 2019-gdr3-rhel-7.9
For other distributions, such as RHEL 8.x, SLES 12/15, or Ubuntu 18.04/20.04, go to the following Knowledge Base article to install the update that contains this security fix:
  • 5008996 Cumulative Update 15 for SQL Server 2019

More information

For information about how to update containers, see the “Upgrade SQL Server in containers” section in Deploy and connect to SQL Server Docker containers.

Prerequisites

To apply this update, you must have SQL Server 2019 or any SQL Server 2019 GDR release through this SQL Server 2019 GDR installed.

File hash information

File name SHA256 hash
SQLServer2019-KB4583458-x64.exe C87380608D888D52018AD346D0EF27F1DA00986DBF8684323EDA905D35E4180E

Information about protection and security

Protect yourself online: Windows Security supportLearn how we guard against cyber threats: Microsoft Security

Related

nessus 1
prion 1
cve 1
cvelist 1
mscve 1
kaspersky 1
rapid7blog 1
nessus
nessus
Security Updates for Microsoft SQL Server (February 2022)
2022-02-14 00:00:00
prion
prion
Privilege escalation
2022-02-09 17:15:00
cve
cve
CVE-2022-23276
2022-02-09 17:15:00
cvelist
cvelist
CVE-2022-23276 SQL Server for Linux Containers Elevation of Privilege Vulnerability
2022-02-09 16:37:28
mscve
mscve
SQL Server for Linux Containers Elevation of Privilege Vulnerability
2022-02-08 08:00:00
kaspersky
kaspersky
KLA12455 Multiple vulnerabilities in Microsoft SQL Server
2022-02-08 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - February 2022
2022-02-08 20:43:40

8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON
Related for KB5010657
nessus1prion1cve1cvelist1mscve1kaspersky1rapid7blog1