There is a hot fix released on 10/10, it is targeted Reporting Services. If you have Reporting Service installed on SQL box then it is for you.
Note: Actually this is a cumulative update, you can apply this on SQL Server which doesn’t have Reporting services but it is not recommended unless there is a special need.
MS12-070: Vulnerability in SQL Server Could Allow Elevation of Privilege (2754849)
This security update resolves a privately reported vulnerability in Microsoft SQL Server on systems running SQL Server Reporting Services (SSRS). The vulnerability is a cross-site-scripting (XSS) vulnerability that could allow elevation of privilege, enabling an attacker to execute arbitrary commands on the SSRS site in the context of the targeted user. An attacker could exploit this vulnerability by sending a specially crafted link to the user and convincing the user to click the link. An attacker could also host a website that contains a webpage designed to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability.
MICROSOFT CRITICALITY: IMPORTANT
WELLS FARGO PATCH RATING: STANDARD
REBOOT NEEDED: Yes, in some cases
PATCH DUE DATE: October 22, 2012
TARGETED SOFTWARE:
Microsoft SQL Server 2005 Express Edition with Advanced Services Service Pack 4
Microsoft SQL Server 2005 for 32-bit Systems Service Pack 4
Microsoft SQL Server 2005 for x64-based Systems Service Pack 4
Microsoft SQL Server 2005 for Itanium-based Systems Service Pack 4
Microsoft SQL Server 2008 for 32-bit Systems Service Pack 2
Microsoft SQL Server 2008 for 32-bit Systems Service Pack 3
Microsoft SQL Server 2008 for x64-based Systems Service Pack 2
Microsoft SQL Server 2008 for x64-based Systems Service Pack 3
Microsoft SQL Server 2008 for Itanium-based Systems Service Pack 2
Microsoft SQL Server 2008 for Itanium-based Systems Service Pack 3
Microsoft SQL Server 2008 R2 for 32-bit Systems Service Pack 1
Microsoft SQL Server 2008 R2 for x64-based Systems Service Pack 1
Microsoft SQL Server 2008 R2 for Itanium-based Systems Service Pack 1
Microsoft SQL Server 2012 for 32-bit Systems
Microsoft SQL Server 2012 for x64-based Systems
No comments:
Post a Comment