KLA11310
ACE vulnerability in Microsoft SQL Server

Updated: 06/03/2020
Detect date
?
08/14/2018
Severity
?
Critical
Description

A buffer overflow vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability via specially crafted query to execute arbitrary code.

Affected products

Microsoft SQL Server 2016 for x64-based Systems Service Pack 1
Microsoft SQL Server 2016 for x64-based Systems Service Pack 1 (CU)
Microsoft SQL Server 2016 for x64-based Systems Service Pack 2
Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (CU)
Microsoft SQL Server 2017 for x64-based Systems
Microsoft SQL Server 2017 for x64-based Systems (CU)

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2018-8273

Impacts
?
ACE 
[?]
Related products
Microsoft SQL Server
CVE-IDS
?
CVE-2018-827310.0Critical
KB list

4293808
4293805
4293802
4293803
4458621
4458842

Microsoft official advisories
Microsoft Security Update Guide
Find out the statistics of the vulnerabilities spreading in your region