|
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
-
Running a SQL Server? Heads up! You need to install this month’s patches quickly
I just saw a notification that the SQL Server security hole known as CVE-2020-0618 has been cracked. Per Kevin Beaumont:
Ah bums, there’s an exploit for CVE-2020-0618 (Feb 2020 SQL vuln). The good news: it’s not yet point and click. The bad news: it will be, this will be a big enterprise vuln.
CVSS score 9.7, very easy to exploit but depends on SQL Reporting Services being installed. Some ICS solutions install it, as does Microsoft EPM (Project Server). I’ll keep thread updated if I see any scanning in the wild.
One thing if it helps people, although the MS advisory says it only impacts SQL Server 2012+, it appears to also impact SQL Server 2008 too (which is out of support).
He points to Jin Wook Kim’s Proof of Concept code on Github. In the comments, you can find reference to the original PoC on MDSec.co.uk.
If you aren’t running a SQL Server, or don’t know SQL Server from a hole in the ground, no need to sweat it. But if your company has SQL Server, somebody better let the admins know.
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
No Newsletters since 27 January
by 13 minutes ago
-
Linux Mint Debian Edition 7 gets OEM support, death of Ubuntu-based Mint ?
by 34 minutes ago
-
Windows Update “Areca Technology Corporation – System – 6.20.0.41”
by 1 hour, 43 minutes ago
-
Google One Storage Questions
by 2 hours, 54 minutes ago
-
Button Missing for Automatic Apps Updates
by 25 minutes ago
-
Ancient SSD thinks it’s new
by 6 hours, 53 minutes ago
-
Washington State lab testing provider exposed health data of 1.6 million people
by 10 hours, 53 minutes ago
-
WinRE KB5057589 fake out
by 4 hours, 12 minutes ago
-
The April 2025 Windows RE update might show as unsuccessful in Windows Update
by 17 hours, 4 minutes ago
-
Firefox 137
by 1 hour, 41 minutes ago
-
Whisky, a popular Wine frontend for Mac gamers, is no more
by 23 hours, 16 minutes ago
-
Windows 11 Insider Preview build 26120.3863 (24H2) released to BETA
by 23 hours, 28 minutes ago
-
Windows 11 Insider Preview build 26200.5551 released to DEV
by 23 hours, 31 minutes ago
-
New Windows 11 PC setup — can I start over in the middle to set up a local id?
by 16 hours, 36 minutes ago
-
Windows 11 Insider Preview Build 26100.3902 (24H2) released to Release Preview
by 1 day, 3 hours ago
-
Oracle kinda-sorta tells customers it was pwned
by 1 day, 9 hours ago
-
Global data centers (AI) are driving a big increase in electricity demand
by 1 day, 19 hours ago
-
Office apps read-only for family members
by 1 day, 22 hours ago
-
Defunct domain for Microsoft account
by 1 day, 18 hours ago
-
24H2??
by 1 hour, 25 minutes ago
-
W11 23H2 April Updates threw ‘class not registered’
by 1 day, 3 hours ago
-
Master patch listing for April 8th, 2025
by 7 hours, 45 minutes ago
-
TotalAV safety warning popup
by 18 hours, 19 minutes ago
-
two pages side by side land scape
by 3 days, 19 hours ago
-
Deleting obsolete OneNote notebooks
by 3 days, 21 hours ago
-
Word/Outlook 2024 vs Dragon Professional 16
by 3 days ago
-
Security Essentials or Defender?
by 3 days, 3 hours ago
-
April 2025 updates out
by 59 minutes ago
-
Framework to stop selling some PCs in the US due to new tariffs
by 2 days, 20 hours ago
-
WARNING about Nvidia driver version 572.83 and 4000/5000 series cards
by 2 days, 10 hours ago
Remembering Woody
