A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'.
Published: 2020-02-19
Availability of proof-of-concept (PoC) code for recently disclosed remote code execution flaw in Microsoft SQL Server Reporting Services leaves sites vulnerable to attack.
https://securelist.com/mallox-ransomware/113529/
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0618