Kaspersky Threats

Дата обнаружения

14/06/2022

Уровень угрозы

High

Описание

A remote code execution vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to execute arbitrary code.

Пораженные продукты

Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (GDR)
Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (CU 4)
Microsoft SQL Server 2017 for x64-based Systems (GDR)
Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU 4)
Microsoft SQL Server 2019 for x64-based Systems (GDR)
Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (GDR)
Microsoft SQL Server 2019 for x64-based Systems (CU 16)
Microsoft SQL Server 2017 for x64-based Systems (CU 29)
Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (CU 17)
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR)
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connectivity Pack
Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (GDR)

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения

CVE-2022-29143

Оказываемое влияние

?

ACE

[?]

Связанные продукты

Microsoft SQL Server
Microsoft Azure

KB list

5014354
5014353
5015371
5014553
5014355
5014351
5014165
5014164
5014365
5014356

Узнай статистику распространения уязвимостей в твоем регионе

KLA12562RCE vulnerability in Microsoft SQL Server

KLA12562
RCE vulnerability in Microsoft SQL Server