Security Updates for Microsoft SQL Server 2016 and 2017 x64 (August 2018)

critical Nessus Plugin ID 111786

Synopsis

The remote SQL server is affected by multiple vulnerabilities.

Description

The remote Microsoft SQL Server is missing a security update. It is, therefore, affected by buffer overflow vulnerability that could allow remote code execution on an affected system.
An attacker who successfully exploited the vulnerability could execute code in the context of the SQL Server Database Engine service account.

Solution

Microsoft has released a set of patches for x64 versions of SQL Server 2016 and 2017.

See Also

http://www.nessus.org/u?02637930

http://www.nessus.org/u?b5296772

http://www.nessus.org/u?ded4707c

http://www.nessus.org/u?cc2f6328

http://www.nessus.org/u?4ab5e14c

http://www.nessus.org/u?0c6a7711

http://www.nessus.org/u?82d9f22e

Plugin Details

Severity: Critical

ID: 111786

File Name: smb_nt_ms18_aug_mssql.nasl

Version: 1.13

Type: local

Agent: windows

Published: 8/16/2018

Updated: 6/29/2023

Configuration: Enable thorough checks

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2018-8273

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:sql_server

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Ease: No known exploits are available

Patch Publication Date: 8/13/2018

Vulnerability Publication Date: 8/14/2018

Reference Information

CVE: CVE-2018-8273

MSFT: MS18-4293802, MS18-4293803, MS18-4293805, MS18-4293808, MS18-4458621, MS18-4458842

MSKB: 4293802, 4293803, 4293805, 4293808, 4458621, 4458842