A remote code execution vulnerability has been identified in Microsoft SQL Server. This issue arises from external control of file names or paths, allowing an authorized attacker to execute code over the network. The vulnerability affects several versions of SQL Server, including 2019, 2022, 2017, and 2016, with specific update requirements for each version.
Exploitation of this vulnerability allows for remote code execution on the affected SQL Server instance.
Users can apply the security update for their specific version of SQL Server. Security update details and download links are available in the Microsoft Security Update Guide. Instructions for determining the correct update to apply are also provided in the update guide.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
