Microsoft SQL Server Privilege Escalation Vulnerability via SQL Injection

Vulnerability

A SQL injection vulnerability has been identified in Microsoft SQL Server, allowing an authorized attacker to elevate privileges locally. This issue arises from improper neutralization of special elements used in SQL commands, enabling the attacker to gain SQL sysadmin privileges.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing an attacker to gain SQL sysadmin rights.

Remediation

Users can apply the security update for their specific version of SQL Server. Detailed instructions for downloading and installing these security updates are available in the Microsoft Security Update Guide. SQL Server instances on Windows Azure (IaaS) can also receive these security updates through Microsoft Update or by downloading them from the Microsoft Download Center.

Added: Apr 14, 2026, 8:19 PM
Updated: Apr 14, 2026, 8:19 PM

Vulnerability Rating

Custom Algorithm
spread: 8.1
impact: 5.0
exploitability: 3.0
remediation: 7.7
relevance: 5.9
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.