Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT Security Bulletin
ASB-2020.0041
Microsoft Patch Tuesday (February 2020): SQL Server
13 February 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: SQL Server 2012
SQL Server 2014
SQL Server 2014 SP3
SQL Server 2016 SP2
Operating System: Windows
Impact/Access: Execute Arbitrary Code/Commands -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2020-0618
Member content until: Saturday, March 14 2020
OVERVIEW
Microsoft has released its monthly security patch update for the month of February 2020.
This update resolves 1 vulnerabilities across the following products: [1]
Microsoft SQL Server 2012 for 32-bit Systems Service Pack 4 (QFE)
Microsoft SQL Server 2012 for x64-based Systems Service Pack 4 (QFE)
Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (CU)
Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (GDR)
Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU)
Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (GDR)
Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (CU)
Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (GDR)
IMPACT
Microsoft has given the following details regarding these vulnerabilities.
Details Impact Severity
CVE-2020-0618 Remote Code Execution Important
MITIGATION
Microsoft recommends updating the software with the version made available on the Microsoft Update Catalogue for the following Knowledge Base articles. [1]
KB4532098, KB4535288, KB4532095, KB4532097, KB4535706
REFERENCES
[1] Microsoft Security Update Guidance
https://portal.msrc.microsoft.com/en-us/security-guidance
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXkTKOmaOgq3Tt24GAQjE8Q/+IIv9y4nNmXntzc8W/dpajyu2oiBP8Ovb
p0uri62okHJE510RwTYyQJbQ00rjsVmSDZoTaLLYh57AuftlYkRtDVtOG4gneLmx
HMvgcLSjDMVyD9B5Qie9ts7Prdz2bML15WAlZhZUhldVP96JoJnKcxgHy76g9MC8
akwySxqaH0UaphgwvFtleHNqiI1V8WTi4SP62PuTByXuxE7SJN5R86itbKeYIDwz
z4fJPEKdEUltX6GyjG6F2/iA3BL3Ag2Oog5nS6j6QO8CtGqcu2SM4VaFZSGklC39
g7jbvf9lkI3k1FyGIyBZExN0T2PkxQG006eU9UjyqPVzIuwpZQa8tjYVllq2p+oz
yxtfPuddicbyCtkhzCRzZKaII5wzfH+kCVvHyHuoB1skLOcqNFmrIyXKOKovM1hp
ybYKcug+ohpP7X3wWEHZ4Kzfa1lRu1dB1i178MB9H9iH2m4PNqZ65RuTyiltAgPr
Hgt1nqaUJsVsHatSoDsGNGPkISBWKIG5huJIDvittsocprAqafdUWYdRJH6CvbeP
xeLVgDCilS3a1DxdLyRrcdzfj14KAzkAmt74DZ6KDYsRpWutr72VlE8eeB9SzRtp
PxtxkaEnniCg7HgBE3JEpi1zK9FHSkD1KCdXQmjkbX4gc+7/k3PcRBmtDHajXmm3
fKv3O35T3fk=
=+uHS
-----END PGP SIGNATURE-----