{"id":13247,"date":"2020-02-19T09:47:49","date_gmt":"2020-02-19T08:47:49","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=13247"},"modified":"2024-10-05T18:41:10","modified_gmt":"2024-10-05T16:41:10","slug":"patch-rce-vulnerability-cve-2020-0618-on-your-microsoft-sql-server","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2020\/02\/19\/patch-rce-vulnerability-cve-2020-0618-on-your-microsoft-sql-server\/","title":{"rendered":"Patch RCE vulnerability CVE-2020-0618 on your Microsoft SQL-Server!"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline;\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Schutz.jpg\" width=\"40\" height=\"47\" align=\"left\" \/>[<a href=\"https:\/\/www.borncity.com\/blog\/2020\/02\/19\/microsoft-sql-server-rce-schwachstelle-cve-2020-0618-dringend-patchen\/\" target=\"_blank\" rel=\"noopener noreferrer\">German<\/a>]Another urgent request to Microsoft SQL server administrators to patch the vulnerability CVE-2020-0618. An exploit has been discovered that allows remote code execution (RCE).<\/p>\n<p><!--more--><\/p>\n<h2>Updates Microsoft SQL-Server February 2020<\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/vg02.met.vgwort.de\/na\/77ef5c23938046ea902db0e0a7aeffbc\" alt=\"\" width=\"1\" height=\"1\" \/>Microsoft has released various security updates for its SQL server on February 11, 2020. According to <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/20200211\/security-update-deployment-information-february-11-2020\" target=\"_blank\" rel=\"noopener noreferrer\">this table<\/a> and <a href=\"https:\/\/www.tenable.com\/plugins\/nessus\/133719\" target=\"_blank\" rel=\"noopener noreferrer\">this tenable<\/a> post, the following patches are available.<\/p>\n<ul>\n<li>Update <a href=\"https:\/\/support.microsoft.com\/help\/4532095\/\" target=\"_blank\" rel=\"noopener noreferrer\">KB4532095<\/a>, Microsoft SQL Server 2014 for Service Pack 3 (CU)<\/li>\n<li>Update <a href=\"https:\/\/support.microsoft.com\/help\/4532097\/\" target=\"_blank\" rel=\"noopener noreferrer\">KB4532097<\/a>, Microsoft SQL Server 2016 SP2 GDR<\/li>\n<li>Update <a href=\"https:\/\/support.microsoft.com\/help\/4532098\/\" target=\"_blank\" rel=\"noopener noreferrer\">KB4532098<\/a>, Microsoft SQL Server 2012 for Service Pack 4 (QFE)<\/li>\n<li>Update <a href=\"https:\/\/support.microsoft.com\/help\/4535288\/\" target=\"_blank\" rel=\"noopener noreferrer\">KB4535288<\/a>, Microsoft SQL Server 2014 for Service Pack 3 (CU)<\/li>\n<li>Update <a href=\"https:\/\/support.microsoft.com\/help\/4535706\/\" target=\"_blank\" rel=\"noopener noreferrer\">KB4535706<\/a>, Microsoft SQL Server 2016 SP2 CU11<\/li>\n<\/ul>\n<p>All updates address the vulnerability CVE-2020-0618 described below and an overview is also available on this <a href=\"https:\/\/support.microsoft.com\/de-de\/help\/4535305\/sql-server-reporting-services-remote-code-execution-vulnerability\" target=\"_blank\" rel=\"noopener noreferrer\">Microsoft page<\/a>.<a href=\"https:\/\/support.microsoft.com\/de-de\/help\/4535305\/sql-server-reporting-services-remote-code-execution-vulnerability\" target=\"_blank\" rel=\"noopener noreferrer\">dieser Microsoft-Seite<\/a>.<\/p>\n<h2>Vulnerability CVE-2020-0618<\/h2>\n<p>The vulnerability exists in the Reporting Services of the different SQL Server versions and can only be exploited if these services are installed. In Advisory <a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2020-0618\" target=\"_blank\" rel=\"noopener noreferrer\">CVE-2020-0618<\/a> Microsoft writes that a remote code execution vulnerability exists:<\/p>\n<blockquote><p>In Microsoft SQL Server Reporting Services besteht eine Sicherheitsl\u00fccke bei der Remotecodeausf\u00fchrung, wenn Seitenanforderungen falsch behandelt werden. Ein Angreifer, der diese Sicherheitsanf\u00e4lligkeit erfolgreich ausnutzt, k\u00f6nnte Code im Zusammenhang mit dem Report Server-Dienstkonto ausf\u00fchren.<\/p><\/blockquote>\n<p>To exploit the vulnerability, an authenticated attacker would have to send a specially crafted page request to an affected Reporting Services instance. The <a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2020-0618\" target=\"_blank\" rel=\"noopener noreferrer\">security updates<\/a> resolve this vulnerability.<\/p>\n<h2>Exploit for CVE-2020-0618 published<\/h2>\n<p>Now a proof of concept has emerged to exploit the vulnerability. This is likely to affect a l<a href=\"https:\/\/twitter.com\/GossiTheDog\/status\/1229728105914347522\" target=\"_blank\" rel=\"noopener noreferrer\">ot of companies<\/a>.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"en\">PoC published for CVE-2020-0618, which is an RCE in Microsoft's SQL Server Reporting Services (SSRS)<a href=\"https:\/\/t.co\/t6bmycdUjX\">https:\/\/t.co\/t6bmycdUjX<\/a> <a href=\"https:\/\/t.co\/n16cHivDMe\">pic.twitter.com\/n16cHivDMe<\/a><\/p>\n<p>\u2014 Catalin Cimpanu (@campuscodi) <a href=\"https:\/\/twitter.com\/campuscodi\/status\/1229818692789309442?ref_src=twsrc%5Etfw\">February 18, 2020<\/a><\/p><\/blockquote>\n<p><span id=\"preserve57576c94506d46c796d931137c0b6db0\" class=\"wlWriterPreserve\"><span id=\"preserve706f425929244acc8abae06e84615c7a\" class=\"wlWriterPreserve\"><span id=\"preserve94fa3fbd5e65429caccc29dedebbdd1f\" class=\"wlWriterPreserve\"><script src=\"https:\/\/platform.twitter.com\/widgets.js\" async=\"\" charset=\"utf-8\"><\/script><\/span><\/span><\/span><\/p>\n<p>The technical analysis can be found in <a href=\"https:\/\/www.mdsec.co.uk\/2020\/02\/cve-2020-0618-rce-in-sql-server-reporting-services-ssrs\/\" target=\"_blank\" rel=\"noopener noreferrer\">this blog post<\/a>. Woody Leonhard took up some hints on the topic <a href=\"https:\/\/www.askwoody.com\/2020\/running-a-sql-server-heads-up-you-need-to-install-this-months-patches-quickly\/\" target=\"_blank\" rel=\"noopener noreferrer\">in this article<\/a>. Microsoft writes in the KB articles that it only affects SQL Server 2012 and higher. But there are indications that it also affects SQL Server 2008. But it is no longer supported since July 9, 2019 (that's when the last security update was released, <a href=\"https:\/\/sqlserverupdates.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">see<\/a>).<\/p>\n<p><strong>Addendum:<\/strong> Note <a href=\"https:\/\/twitter.com\/tweet_alqamar\/status\/1230215776776400899?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1230215776776400899&amp;ref_url=https%3A%2F%2Fwww.borncity.com%2Fblog%2F2020%2F02%2F19%2Fmicrosoft-sql-server-rce-schwachstelle-cve-2020-0618-dringend-patchen%2F\" target=\"_blank\" rel=\"noopener noreferrer\">this tweet<\/a>, which indicates that the updates require an already patched Microsoft SQL Server system. However, for SQL Server (Express) these updates are not always available.<\/p>\n<p><strong>Similar articles:<br \/>\n<\/strong>Adobe Flash Player 32.0.0.330 released<br \/>\nMicrosoft Office Patchday (February 4, 2020)<br \/>\n<a href=\"https:\/\/borncity.com\/win\/2020\/02\/12\/microsoft-security-update-summary-february-11-2020\/\">Microsoft Security Update Summary (February 11, 2020)<\/a><br \/>\nPatchday Windows 10-Updates (February 11, 2020)<br \/>\n<a href=\"https:\/\/borncity.com\/win\/2020\/02\/12\/patchday-updates-for-windows-7-8-1-server-feb-11-2020\/\">Patchday: Updates for Windows 7\/8.1\/Server (Feb. 11, 2020)<\/a><br \/>\nPatchday Microsoft Office Updates (February 11, 2020)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]Another urgent request to Microsoft SQL server administrators to patch the vulnerability CVE-2020-0618. An exploit has been discovered that allows remote code execution (RCE).<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,1547,22],"tags":[69,636,195],"class_list":["post-13247","post","type-post","status-publish","format-standard","hentry","category-security","category-software","category-update","tag-security","tag-sql-server","tag-update"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/13247","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=13247"}],"version-history":[{"count":4,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/13247\/revisions"}],"predecessor-version":[{"id":35558,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/13247\/revisions\/35558"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=13247"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=13247"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=13247"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}