Security Updates for Microsoft SQL Server (Uncredentialed Check) (February 2020)

high Nessus Plugin ID 133718

Synopsis

The Microsoft SQL Server installation on the remote host is missing a security update.

Description

The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability :

- A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests. An attacker who successfully exploited this vulnerability could execute code in the context of the Report Server service account. (CVE-2020-0618)

Solution

Microsoft has released the following security updates to address this issue:
-KB4532095
-KB4532097
-KB4532098
-KB4535288
-KB4535706

See Also

http://www.nessus.org/u?ff30ef1b

http://www.nessus.org/u?8089305a

http://www.nessus.org/u?899d9f68

http://www.nessus.org/u?7c9e8cfc

http://www.nessus.org/u?226a31d0

Plugin Details

Severity: High

ID: 133718

File Name: smb_nt_ms20_feb_mssql_remote.nasl

Version: 1.9

Type: remote

Agent: windows

Family: Windows

Published: 2/14/2020

Updated: 9/18/2024

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS Score Source: CVE-2020-0618

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:sql_server

Required KB Items: Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/11/2020

Vulnerability Publication Date: 2/11/2020

CISA Known Exploited Vulnerability Due Dates: 10/9/2024

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (SQL Server Reporting Services (SSRS) ViewState Deserialization)

Reference Information

CVE: CVE-2020-0618

IAVA: 2020-A-0074-S

MSFT: MS20-4532095, MS20-4532097, MS20-4532098, MS20-4535288, MS20-4535706

MSKB: 4532095, 4532097, 4532098, 4535288, 4535706