KLA12562
RCE vulnerability in Microsoft SQL Server

Обновлено: 15/06/2022
Дата обнаружения
14/06/2022
Уровень угрозы
High
Описание

A remote code execution vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to execute arbitrary code.

Пораженные продукты

Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (GDR)
Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (CU 4)
Microsoft SQL Server 2017 for x64-based Systems (GDR)
Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU 4)
Microsoft SQL Server 2019 for x64-based Systems (GDR)
Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (GDR)
Microsoft SQL Server 2019 for x64-based Systems (CU 16)
Microsoft SQL Server 2017 for x64-based Systems (CU 29)
Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (CU 17)
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR)
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connectivity Pack
Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (GDR)

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2022-29143
Оказываемое влияние
?
ACE 
[?]
Связанные продукты
Microsoft SQL Server
Microsoft Azure
KB list

5014354
5014353
5015371
5014553
5014355
5014351
5014165
5014164
5014365
5014356

Узнай статистику распространения уязвимостей в твоем регионе