Detections
Analytics
ADV180002: Microsoft SQL Server January 2018 Security Update (Meltdown) (Spectre)
medium Nessus Plugin ID 105613
Language:
Synopsis
The remote SQL server is affected by multiple vulnerabilities.Description
The remote Microsoft SQL Server is missing a security update. It is, therefore, affected by a vulnerability exists within microprocessors utilizing speculative execution and indirect branch prediction, which may allow an attacker with local user access to disclose information via a side-channel analysis.Solution
Microsoft has released a set of patches for SQL Server 2008, 2008 R2, 2012, 2014, 2016, and 2017.See Also
http://www.nessus.org/u?573cb1ef
http://www.nessus.org/u?6a5c1225
http://www.nessus.org/u?75a275b4
http://www.nessus.org/u?4e0fe7c6
http://www.nessus.org/u?ba131b75
http://www.nessus.org/u?96a526af
http://www.nessus.org/u?f305d4da
http://www.nessus.org/u?97d419b3
http://www.nessus.org/u?17660a56
http://www.nessus.org/u?4d20b7cb
http://www.nessus.org/u?df512157
http://www.nessus.org/u?bce5a045
Plugin Details
Severity: Medium
ID: 105613
File Name: smb_adv180002_mssql.nasl
Version: 1.20
Type: local
Agent: windows
Family: Windows : Microsoft Bulletins
Published: 1/5/2018
Updated: 6/29/2023
Configuration: Enable thorough checks
Supported Sensors: Frictionless Assessment Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 8.4
CVSS v2
Risk Factor: Medium
Base Score: 4.7
Temporal Score: 4.1
Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N
CVSS Score Source: CVE-2017-5754
CVSS v3
Risk Factor: Medium
Base Score: 5.6
Temporal Score: 5.4
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:microsoft:sql_server
Required KB Items: SMB/MS_Bulletin_Checks/Possible
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 1/3/2018
Vulnerability Publication Date: 1/3/2018
Exploitable With
CANVAS (CANVAS)