Update Details
Security Update for SQL Server 2016 Service Pack 2 CU (KB4535706)
Last Modified: 2/11/2020
Size: 752.4 MB
If you have a pop-up blocker enabled, the Download window might not open. To open the Download window, configure your pop-blocker to allow pop-ups for this Web site.
Description: First Security Vulnerability fix: A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests. An attacker who successfully exploited this vulnerability could execute code in the context of the Report Server service account. The security update addresses the vulnerability by modifying how the Microsoft SQL Server Reporting Services handles page requests. Second Security Vulnerability fix: A cross-site scripting (XSS) vulnerability exists when Microsoft SQL Server Reporting Services (SSRS) does not properly sanitize a specially-crafted web request to an affected SSRS server. An attacker who successfully exploited the vulnerability could run scripts in the context of the targeted user. The attacks could allow the attacker to read content that the attacker is not authorized to read, execute malicious code, and use the victim's identity to take actions on the site on behalf of the user, such as change permissions and delete content. The security update addresses the vulnerability by correcting SSRS URL sanitization.
Architecture: n/a
Classification: Security Updates
Supported products: Microsoft SQL Server 2016
Supported languages: English
MSRC Number: n/a
MSRC severity: n/a
KB article numbers: 4535706
Add to Basket Remove from Basket Update Basket