Security Updates for SQL Server Jan 2021–CVE-2021-1636

There was a security bulletin (CVE-2021-1636) for SQL Server: an elevation of privilege vulnerability that could be exploited when an Extended Event session is running.

Microsoft has released a number of patches for SQL Server. You can see them on the Release blog, but there are KB links below. If you have any servers that could potentially be accessed by unauthorized traffic, consider patching them.

SQL Server 2019

SQL Server 2017

SQL Server 2016

SQL Server 2014

SQL Server 2012

For SQL Server 2016 and earlier, make sure you are at the Service Pack levels listed. If you aren’t, you cannot patch these instances.
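
A quick way to see where an instance stands before patching, added here as an example (not code from the original post): the first query reports the build and Service Pack level, and the second lists Extended Event sessions and whether each is running. It assumes a login with VIEW SERVER STATE permission.

```sql
-- Added example: inventory queries, not part of the original post.

-- 1) Build and servicing level of this instance, to compare against
--    the KB article for your SQL Server version.
SELECT
    SERVERPROPERTY('MachineName')            AS machine_name,
    SERVERPROPERTY('InstanceName')           AS instance_name,   -- NULL for a default instance
    SERVERPROPERTY('Edition')                AS edition,
    SERVERPROPERTY('ProductVersion')         AS product_version, -- major.minor.build.revision
    SERVERPROPERTY('ProductLevel')           AS product_level,   -- RTM or SPn
    SERVERPROPERTY('ProductUpdateLevel')     AS update_level,    -- CUn; NULL on older builds
    SERVERPROPERTY('ProductUpdateReference') AS update_kb;       -- KB of installed update; NULL on older builds

-- 2) Extended Event sessions defined on the server and whether each
--    one is running right now. The FULL OUTER JOIN also surfaces
--    running sessions that have no stored definition.
--    system_health is started by default, so expect at least one row
--    with is_running = 1 on a typical instance.
SELECT
    COALESCE(ses.name, run.name)                        AS session_name,
    CASE WHEN run.address IS NOT NULL THEN 1 ELSE 0 END AS is_running,
    ses.startup_state                                   AS starts_with_instance,
    run.create_time                                     AS running_since
FROM sys.server_event_sessions AS ses
FULL OUTER JOIN sys.dm_xe_sessions AS run
    ON run.name = ses.name
ORDER BY is_running DESC, session_name;
```

Run it on each instance and compare `product_level` with the Service Pack level required by the KB for that version.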

About way0utwest

Editor, SQLServerCentral

1 Response to Security Updates for SQL Server Jan 2021–CVE-2021-1636

  1. Jeff Moden says:

    “an elevation of Privilege vulnerability that could be exploited when an Extended Event session is running”

    I’m sure Grant will be pleased with that bit of news. 😀
