-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2020.0041
            Microsoft Patch Tuesday (February 2020): SQL Server
                             13 February 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              SQL Server 2012
                      SQL Server 2014
                      SQL Server 2014 SP3
                      SQL Server 2016 SP2
Operating System:     Windows
Impact/Access:        Execute Arbitrary Code/Commands -- Existing Account
Resolution:           Patch/Upgrade
CVE Names:            CVE-2020-0618  
Member content until: Saturday, March 14 2020

OVERVIEW

        Microsoft has released its monthly security patch update for the month of February 2020.
        
        This update resolves 1 vulnerabilities across the following products: [1]
        
         Microsoft SQL Server 2012 for 32-bit Systems Service Pack 4 (QFE)
         Microsoft SQL Server 2012 for x64-based Systems Service Pack 4 (QFE)
         Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (CU)
         Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (GDR)
         Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU)
         Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (GDR)
         Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (CU)
         Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (GDR)


IMPACT

        Microsoft has given the following details regarding these vulnerabilities.
        
         Details         Impact                   Severity
         CVE-2020-0618   Remote Code Execution    Important


MITIGATION

        Microsoft recommends updating the software with the version made available on the Microsoft Update Catalogue for the following Knowledge Base articles. [1]
        
         KB4532098, KB4535288, KB4532095, KB4532097, KB4535706


REFERENCES

        [1] Microsoft Security Update Guidance
            https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXkTKOmaOgq3Tt24GAQjE8Q/+IIv9y4nNmXntzc8W/dpajyu2oiBP8Ovb
p0uri62okHJE510RwTYyQJbQ00rjsVmSDZoTaLLYh57AuftlYkRtDVtOG4gneLmx
HMvgcLSjDMVyD9B5Qie9ts7Prdz2bML15WAlZhZUhldVP96JoJnKcxgHy76g9MC8
akwySxqaH0UaphgwvFtleHNqiI1V8WTi4SP62PuTByXuxE7SJN5R86itbKeYIDwz
z4fJPEKdEUltX6GyjG6F2/iA3BL3Ag2Oog5nS6j6QO8CtGqcu2SM4VaFZSGklC39
g7jbvf9lkI3k1FyGIyBZExN0T2PkxQG006eU9UjyqPVzIuwpZQa8tjYVllq2p+oz
yxtfPuddicbyCtkhzCRzZKaII5wzfH+kCVvHyHuoB1skLOcqNFmrIyXKOKovM1hp
ybYKcug+ohpP7X3wWEHZ4Kzfa1lRu1dB1i178MB9H9iH2m4PNqZ65RuTyiltAgPr
Hgt1nqaUJsVsHatSoDsGNGPkISBWKIG5huJIDvittsocprAqafdUWYdRJH6CvbeP
xeLVgDCilS3a1DxdLyRrcdzfj14KAzkAmt74DZ6KDYsRpWutr72VlE8eeB9SzRtp
PxtxkaEnniCg7HgBE3JEpi1zK9FHSkD1KCdXQmjkbX4gc+7/k3PcRBmtDHajXmm3
fKv3O35T3fk=
=+uHS
-----END PGP SIGNATURE-----