KLA12395
RCE vulnerability in Microsoft SQL Server

Обновлено: 24/03/2023
Дата обнаружения
16/12/2021
Уровень угрозы
Critical
Описание

Remote code execution vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to execute arbitrary code.

Эксплуатация

The following public exploits exists for this vulnerability:

https://github.com/mubix/CVE-2021-44228-Log4Shell-Hashes

https://github.com/winnpixie/log4noshell

https://github.com/Puliczek/CVE-2021-44228-PoC-log4j-bypass-words

https://github.com/kozmer/log4j-shell-poc

https://github.com/TheArqsz/CVE-2021-44228-PoC

https://github.com/1lann/log4shelldetect

https://github.com/f0ng/log4j2burpscanner

https://github.com/logpresso/CVE-2021-44228-Scanner

https://github.com/vorburger/Log4j_CVE-2021-44228

https://github.com/b-abderrahmane/CVE-2021-44228-playground

https://github.com/Sh0ckFR/log4j-CVE-2021-44228-Public-IoCs

https://github.com/datadavev/test-44228

https://github.com/LemonCraftRu/JndiRemover

https://github.com/darkarnium/Log4j-CVE-Detect

https://github.com/mergebase/log4j-detector

https://github.com/corretto/hotpatch-for-apache-log4j2

https://github.com/alexandre-lavoie/python-log4rce

https://github.com/CodeShield-Security/Log4JShell-Bytecode-Detector

https://github.com/dtact/divd-2021-00038–log4j-scanner

https://github.com/Malwar3Ninja/Exploitation-of-Log4j2-CVE-2021-44228

https://github.com/authomize/log4j-log4shell-affected

https://github.com/guardicode/CVE-2021-44228_IoCs

https://github.com/nccgroup/log4j-jndi-be-gone

https://github.com/qingtengyun/cve-2021-44228-qingteng-online-patch

https://github.com/tasooshi/horrors-log4shell

https://github.com/twseptian/spring-boot-log4j-cve-2021-44228-docker-lab

https://github.com/OlafHaalstra/log4jcheck

https://github.com/psychose-club/Saturn

https://github.com/Panyaprach/Proof-CVE-2021-44228

https://github.com/palominoinc/cve-2021-44228-log4j-mitigation

https://github.com/cyberxml/log4j-poc

https://github.com/Diverto/nse-log4shell

https://github.com/maxant/log4j2-CVE-2021-44228

https://github.com/atnetws/fail2ban-log4j

https://github.com/fireeye/CVE-2021-44228

https://github.com/fullhunt/log4j-scan

https://github.com/rubo77/log4j_checker_beta

https://github.com/thecyberneh/Log4j-RCE-Exploiter

https://github.com/sourcegraph/log4j-cve-code-search-resources

https://github.com/thedevappsecguy/Log4J-Mitigation-CVE-2021-44228–CVE-2021-45046–CVE-2021-45105–CVE-2021-44832

https://github.com/helsecert/CVE-2021-44228

https://github.com/avwolferen/Sitecore.Solr-log4j-mitigation

https://github.com/0xDexter0us/Log4J-Scanner

https://github.com/LutziGoz/Log4J_Exploitation-Vulnerabiliy__CVE-2021-44228

https://github.com/0xsyr0/Log4Shell

https://github.com/manuel-alvarez-alvarez/log4j-cve-2021-44228

https://github.com/Koupah/MC-Log4j-Patcher

https://github.com/kossatzd/log4j-CVE-2021-44228-test

https://github.com/tobiasoed/log4j-CVE-2021-44228

https://github.com/hackinghippo/log4shell_ioc_ips

https://github.com/claranet/ansible-role-log4shell

https://github.com/rodfer0x80/log4j2-prosecutor

https://github.com/lfama/log4j_checker

https://github.com/giterlizzi/nmap-log4shell

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Пораженные продукты

SQL Server 2019 Big Data Clusters

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2021-44228
Оказываемое влияние
?
ACE 
[?]
Связанные продукты
Microsoft SQL Server
CVE-IDS
CVE-2021-442289.3Critical