KLA11168
Multiple vulnerabilities in Microsoft SQL Server
Обновлено: 06/11/2018
CVSS
7.5
Дата обнаружения
03/01/2018
Уровень угрозы
Critical
Описание

Multiple information disclosure vulnerabilities have been found in Microsoft SQL Server. Malicious user can exploit these vulnerabilities to obtain sensitive information. These vulnerabilities can be exploited remotelly via speculative execution side-channel attack to obtain sensetive information.

 

All Kaspersky Lab business and consumer products are compatible with the update. Our database update on 28th December enables the compatibility flag, recommended by Microsoft, to allow devices to apply the update from 3rd January.

Further details of Kaspersky Lab compatibility with Microsoft security updates are on our Support page.

Our recommendation remains that for optimum protection against vulnerabilities, software and operating system updates should be installed as soon as possible.

More about the CPU vulnerabilities can be found on the Kaspersky Lab blog here and on the announcement website here.

Пораженные продукты

Microsoft SQL Server 2016 for x64-based Systems Service Pack 1 (CU)
Microsoft SQL Server 2016 for x64-based Systems Service Pack 1
Microsoft SQL Server 2017 for x64-based Systems (CU)
Microsoft SQL Server 2017 for x64-based Systems

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel). In addition, you may also need to install firmware updates from manufacturer of your device for increased protection. Check for relevant updates with manufacturer of your device.

Первичный источник обнаружения
ADV180002
Связанные продукты
Microsoft SQL Server
Microsoft official advisories
Microsoft Security Update Guide
KB list

4058561
4057118
4057122
4058562
4058560
4058559
4057113
4057114
4057120
4057117
4057115
4057121
4057116