Shulou(Shulou.com)06/01 Report--

What does Microsoft SQL Server remote code execution vulnerability refer to? for this problem, this article introduces the corresponding analysis and answer in detail, hoping to help more partners who want to solve this problem to find a more simple and easy way.

0x00 vulnerability background

February 16, 2020, when 360CERT conducted asset mapping on the vulnerability of CVE-2020-0618SQL Server remote command execution in Microsoft's February security update, it was found that SQL Server was widely used in China, and there was a danger.

!! Related analysis and PoC have been made public on the Internet.

Microsoft SQL Server (Microsoft structured query language Server) is a relational database solution introduced by Microsoft.

After the vulnerability is authenticated, the attacker sends a special request to SQL Server's reporting service (Reporting Services) to trigger it. If the attack succeeds, the corresponding control rights of the SQL Server service can be obtained.

0x01 risk rating

360CERT assesses the vulnerability

Evaluation methods, threat levels, high risk effects are extensive.

360CERT recommends that the majority of users update the SQL Server software version in time. Do a good job of asset self-check / self-test / prevention to avoid attack.

0x02 vulnerability proof

Successfully obtain the appropriate control rights after a successful attack

Patch No. SQL Server 2016 Service Pack 2 (GDR) 13.0.5026.0-13.0.5101.9KB4505220SQL Server 2016 Service Pack 2 CU1113.0.5149.0-13.0.5598.27KB4527378SQL Server 2014 Service Pack 3 (GDR) 12.0.6024.0-12.0.6108.1KB4505218Server Service Pack 2 CU412.0.6205.1-12.0.6329.1KB4500181SQL Server 2012 Service Pack 4 (QFE) 111.0.7001.0-11.0.7462.6KB4057116

P.S: if your SQL Server version number is not shown in the above table, your SQL Server version will no longer be officially supported by Microsoft. There is also a risk of being affected by this vulnerability. Please upgrade to the latest SQL Server to avoid vulnerabilities.

0x04 repair recommendation

Follow the Microsoft official bug repair guidelines below to fix the vulnerability.

CVE-2020-0618 | Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability

[https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0618]

0x05 related spatial mapping data

Through surveying and mapping the assets of the whole network, it is found that Microsoft SQL Server is widely used in China. The specific distribution is shown in the following figure.

0x06 product side solution 360city-level network security monitoring service

The QUAKE asset mapping platform of the security brain monitors such vulnerabilities by means of asset mapping technology, and asks users to contact the relevant product area leaders to obtain the corresponding products.

The answer to what the Microsoft SQL Server remote code execution vulnerability refers to is shared here. I hope the above content can be of some help to everyone. If you still have a lot of doubts to be solved, you can follow the industry information channel for more related knowledge.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.