Microsoft has released security updates to address a serious vulnerability in SQL Server, tracked as CVE-2025-59499. This flaw, which affects SQL Server versions 2016, 2017, 2019, and 2022, stems from improper handling of special characters in SQL commands, potentially allowing attackers to perform SQL injection attacks.
The vulnerability carries a CVSS score of 8.8, indicating its high severity and urgent need for system administrators to apply the patches. Attackers can exploit this flaw over a network with low-level access, executing arbitrary commands with elevated permissions. This could lead to unauthorized access to sensitive data and full control over the database system if the attacker gains sysadmin privileges.
To protect systems from potential exploitation, administrators are advised to immediately apply the appropriate updates. Microsoft has made security patches available through General Distribution Release and Cumulative Update channels, ensuring all affected versions are covered.
👉 Pročitaj original: Cyber Security News
