Security Updates for Microsoft SQL Server (October 2023)

medium Nessus Plugin ID 182956

Synopsis

The Microsoft SQL Server installation on the remote host is missing a security update.

Description

The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability:

- A Denial of Service vulnerability. An attacker could impact availability of the service resulting in Denial of Service (DoS) (CVE-2023-36728) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Microsoft has released security updates for Microsoft SQL Server.

See Also

https://support.microsoft.com/en-us/help/5029184

https://support.microsoft.com/en-us/help/5029185

https://support.microsoft.com/en-us/help/5029186

https://support.microsoft.com/en-us/help/5029187

https://support.microsoft.com/en-us/help/5029375

https://support.microsoft.com/en-us/help/5029376

https://support.microsoft.com/en-us/help/5029377

https://support.microsoft.com/en-us/help/5029378

https://support.microsoft.com/en-us/help/5029379

https://support.microsoft.com/en-us/help/5029503

Plugin Details

Severity: Medium

ID: 182956

File Name: smb_nt_ms23_oct_mssql.nasl

Version: 1.3

Type: local

Agent: windows

Published: 10/12/2023

Updated: 1/12/2024

Configuration: Enable thorough checks

Supported Sensors: Frictionless Assessment Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

CVSS Score Source: CVE-2023-36728

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:sql_server

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Ease: No known exploits are available

Patch Publication Date: 10/10/2023

Vulnerability Publication Date: 10/10/2023

Reference Information

CVE: CVE-2023-36728

IAVA: 2023-A-0541-S

MSFT: MS23-5029184, MS23-5029185, MS23-5029186, MS23-5029187, MS23-5029375, MS23-5029376, MS23-5029377, MS23-5029378, MS23-5029379, MS23-5029503

MSKB: 5029184, 5029185, 5029186, 5029187, 5029375, 5029376, 5029377, 5029378, 5029379, 5029503