KB4036996: Security Update for SQL Server (August 2017)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote SQL server is affected by an information disclosure vulnerability.

Description :

The remote Microsoft SQL Server is missing a security update. It is,
therefore, affected by an information disclosure vulnerability in
Microsoft SQL Server Analysis Services when it improperly enforces
permissions. An attacker could exploit the vulnerability if the
attacker's credentials allow access to an affected SQL server
database. An attacker who successfully exploited the vulnerability
could gain additional database and file information.

See also :

https://support.microsoft.com/help/4036996
https://support.microsoft.com/help/4032542
https://support.microsoft.com/help/4019095
https://support.microsoft.com/help/4019093
https://support.microsoft.com/help/4019092
https://support.microsoft.com/help/4019091
https://support.microsoft.com/help/4019090
https://support.microsoft.com/help/4019089
https://support.microsoft.com/help/4019088
https://support.microsoft.com/help/4019086

Solution :

Microsoft has released a set of patches for SQL Server 2012, 2014, and
2016.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N)
CVSS Temporal Score : 3.0
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 102271 ()

Bugtraq ID: 100041

CVE ID: CVE-2017-8516

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now