Microsoft has recently released a security patch for all supported versions of Microsoft SQL Server. These updates fix an elevation of privilege vulnerability that could be exploited when an Extended Event session is running.
From the Microsoft security bulletin:
Data can be sent over a network to an affected Microsoft SQL Server instance that may cause code to run against the SQL Server process if a certain extended event is enabled. See CVE-2021-1636 for detailed information.
It is recommended for SQL Server 2012, 2014, 2016, 2017, and 2019 that you apply this security patch as soon as possible. This applies to SQL Server running on Windows, Linux, and Docker.
If you are using Extended Events, you should consider not using them until you get this update applied.
The Database Health Monitor Quick Scan Report has been updated to check for this security patch.
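To see where an instance stands against the advice above, the following T-SQL reports the installed build and lists the Extended Event sessions that are running. It is an added example, not code from Microsoft or from the Database Health Monitor; the session name in the final commented statement is a placeholder.

```sql
-- Added example: read-only inventory. Nothing on the server is changed
-- unless you uncomment the ALTER statement at the end.

-- 1. Installed build. Compare it with the fixed build listed for your version
--    in the Microsoft bulletin (build numbers are not given on this page).
--    The two ProductUpdate* properties return NULL on builds that predate them.
SELECT
    SERVERPROPERTY('ProductVersion')         AS product_version,
    SERVERPROPERTY('ProductLevel')           AS product_level,
    SERVERPROPERTY('ProductUpdateLevel')     AS update_level,
    SERVERPROPERTY('ProductUpdateReference') AS update_kb,
    SERVERPROPERTY('Edition')                AS edition;

-- 2. Extended Event sessions running right now, with the events each one
--    collects and whether the session restarts with the instance.
SELECT
    s.name        AS session_name,
    s.create_time AS started_at,
    e.event_name,
    CASE WHEN ses.startup_state = 1 THEN 'yes' ELSE 'no' END AS starts_with_instance
FROM sys.dm_xe_sessions AS s
JOIN sys.dm_xe_session_events AS e
    ON e.event_session_address = s.address
LEFT JOIN sys.server_event_sessions AS ses
    ON ses.name = s.name
ORDER BY s.name, e.event_name;

-- 3. Sessions that are stopped now but will start at the next instance restart.
SELECT ses.name AS session_name
FROM sys.server_event_sessions AS ses
LEFT JOIN sys.dm_xe_sessions AS s
    ON s.name = ses.name
WHERE s.address IS NULL
  AND ses.startup_state = 1;

-- 4. Stop a session until the update is applied (placeholder session name).
-- ALTER EVENT SESSION [your_session_name] ON SERVER STATE = STOP;
```

Stopping a session with STATE = STOP does not change its startup setting, so a session listed with starts_with_instance = 'yes' will run again after a restart.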