Security Updates for Microsoft SQL Server 2016 and 2017 x64 (August 2018) (uncredentialed check)

critical Nessus Plugin ID 122486

Synopsis

The remote SQL server is affected by multiple vulnerabilities.

Description

The remote Microsoft SQL Server is missing a security update. It is, therefore, affected by a buffer overflow vulnerability that could allow remote code execution on an affected system.
An attacker who successfully exploited the vulnerability could execute code in the context of the SQL Server Database Engine service account.

Solution

Microsoft has released a set of patches for x64 versions of SQL Server 2016 and 2017.

See Also

http://www.nessus.org/u?02637930

http://www.nessus.org/u?b5296772

http://www.nessus.org/u?ded4707c

http://www.nessus.org/u?cc2f6328

http://www.nessus.org/u?4ab5e14c

http://www.nessus.org/u?0c6a7711

http://www.nessus.org/u?82d9f22e

Plugin Details

Severity: Critical

ID: 122486

File Name: smb_nt_ms18_aug_mssql_remote.nasl

Version: 1.6

Type: remote

Agent: windows

Family: Windows

Published: 2/28/2019

Updated: 4/11/2022

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2018-8273

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:sql_server

Required KB Items: Settings/ParanoidReport

Exploit Ease: No known exploits are available

Patch Publication Date: 8/13/2018

Vulnerability Publication Date: 8/14/2018

Reference Information

CVE: CVE-2018-8273

BID: 104967

MSFT: MS18-4293802, MS18-4293803, MS18-4293805, MS18-4293808, MS18-4458621, MS18-4458842

MSKB: 4293802, 4293803, 4293805, 4293808, 4458621, 4458842