MSRC compact vulnerability detail

CVE-2021-1636 · Microsoft SQL Elevation of Privilege Vulnerability

No description was published by MSRC.

Severity: Important
Impact: Elevation of Privilege
CVSS: 8.8 base · 7.7 temporal
Release: 2021-01-12
Signals: SQL Server · Elevation of Privilege · Exploited: No · Publicly disclosed: No · Exploitability: Exploitation Less Likely
CWE: No CWE data published.
FAQ / Articles
Q: How can an attacker exploit this vulnerability?
A: An authenticated attacker can send data over a network to an affected SQL Server when configured to run an Extended Event session.

Q: There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?
A: First, determine your SQL Server version number. For more information on determining your SQL Server version number, see Microsoft Knowledge Base Article 321185 - How to determine the version, edition, and update level of SQL Server and its components.

Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.

Note: If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.

Update number | Title | Apply if current product version is… | This security update also includes servicing releases up through…
4583458 | Security update for SQL Server 2019 RTM GDR: Jan 12, 2021 | 15.0.2000.5 - 15.0.2070.41 | KB 4517790 - Previous SQL19 RTM GDR
4583459 | Security update for SQL Server 2019 RTM CU8: Jan 12, 2021 | 15.0.4003.23 - 15.0.4073.23 | KB 4577194 – SQL19 RTM CU8
4583456 | Security update for SQL Se...
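
The two FAQ answers above translate into a check an administrator can run on an instance: which update applies, and which Extended Event sessions are defined or running. This T-SQL is an added example, not code from MSRC or Microsoft; it covers only the two complete table rows visible on this page, and the `@key` encoding is an assumption made for the comparison.

```sql
-- Added example. KB numbers and version ranges are the two complete rows
-- visible in the FAQ table on this page; other rows are not covered here.
DECLARE @ver nvarchar(128) = CAST(SERVERPROPERTY('ProductVersion') AS nvarchar(128));
DECLARE @major int = CAST(PARSENAME(@ver, 4) AS int);  -- e.g. 15
DECLARE @minor int = CAST(PARSENAME(@ver, 3) AS int);  -- e.g. 0
DECLARE @build int = CAST(PARSENAME(@ver, 2) AS int);  -- e.g. 2000
DECLARE @rev   int = CAST(PARSENAME(@ver, 1) AS int);  -- e.g. 5
-- Collapse build.revision into one sortable number (assumes revision < 100000).
DECLARE @key bigint = CAST(@build AS bigint) * 100000 + @rev;

-- Step 1 and 2 of the FAQ: report the version and match it against the ranges.
SELECT
    @ver                                 AS product_version,
    SERVERPROPERTY('ProductLevel')       AS product_level,
    SERVERPROPERTY('ProductUpdateLevel') AS update_level,
    CASE
        WHEN @major = 15 AND @minor = 0
             AND @key BETWEEN 200000005 AND 207000041   -- 15.0.2000.5 - 15.0.2070.41
            THEN 'KB 4583458 (SQL Server 2019 RTM GDR)'
        WHEN @major = 15 AND @minor = 0
             AND @key BETWEEN 400300023 AND 407300023   -- 15.0.4003.23 - 15.0.4073.23
            THEN 'KB 4583459 (SQL Server 2019 RTM CU8)'
        ELSE 'Not in the two ranges shown on this page; check the full MSRC table'
    END                                  AS update_to_apply;

-- Exposure precondition from the first FAQ: Extended Event sessions.
-- sys.server_event_sessions lists defined sessions; sys.dm_xe_sessions lists
-- the ones currently running (requires VIEW SERVER STATE).
SELECT
    s.name                                           AS session_name,
    s.startup_state                                  AS starts_with_instance,
    CASE WHEN r.name IS NULL THEN 0 ELSE 1 END       AS is_running,
    r.create_time                                    AS running_since
FROM sys.server_event_sessions AS s
LEFT JOIN sys.dm_xe_sessions   AS r
       ON r.name = s.name
ORDER BY is_running DESC, s.name;
```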