Two days ago, Microsoft released a security fix for ALL SQL Server versions to mitigate a privilege escalation vulnerability that leverages Extended Events.
According to the Microsoft website:
How can an attacker exploit this vulnerability? An authenticated attacker can send data over a network to an affected SQL Server when configured to run an Extended Event session.
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1636
For obvious reasons, they haven't shared much information about the vulnerability yet. Make sure to plan this for your SQL Server environment and patch all SQL Servers as soon as possible!
Download Links:

| Version | Update level | Download link |
| --- | --- | --- |
| SQL Server 2019 | CU8 | https://www.microsoft.com/en-us/download/details.aspx?id=102617 |
| SQL Server 2019 | RTM | https://www.microsoft.com/en-us/download/details.aspx?id=100442 |
| SQL Server 2017 | CU22 | https://www.microsoft.com/en-us/download/details.aspx?id=102619 |
| SQL Server 2017 | RTM | https://www.microsoft.com/en-us/download/details.aspx?id=102620 |
| SQL Server 2016 | SP2 CU15 | https://www.microsoft.com/en-us/download/details.aspx?id=102621 |
| SQL Server 2016 | SP2 | https://www.microsoft.com/en-us/download/details.aspx?id=102622 |
| SQL Server 2014 | SP3 CU4 | https://www.microsoft.com/en-us/download/details.aspx?id=102623 |
| SQL Server 2014 | SP3 | https://www.microsoft.com/en-us/download/details.aspx?id=102624 |
| SQL Server 2012 | SP4 | https://www.microsoft.com/en-us/download/details.aspx?id=102625 |