MS.SQL.Server.BuiltinRole.Information.Disclosure
Description
This indicates an attack attempt to exploit an Information Disclosure vulnerability in MS SQL Server.
This vulnerability is due to an error in the vulnerable application while executing BACKUP/RESTORE commands. A remote attacker may be able to exploit this bug to get access to sensitive information from the vulnerable application.
Affected Products
Microsoft SQL Server 2014 Service Pack 1 for 32-bit Systems
Microsoft SQL Server 2014 Service Pack 1 for x64-based Systems
Microsoft SQL Server 2014 Service Pack 2 for 32-bit Systems
Microsoft SQL Server 2014 Service Pack 2 for x64-based Systems
Microsoft SQL Server 2016 for 32-bit Systems
Microsoft SQL Server 2016 for x64-based Systems
Impact
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems
Recommended Actions
Apply the most recent upgrade or patch from the vendor
http://technet.microsoft.com/security/bulletin/MS16-136
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |