Intrusion PreventionMS.SQL.Server.Reporting.Service.Remote.Code.Execution
Description
This indicates an attack attempt to exploit a Code Execution vulnerability in Microsoft SQL Server Reporting Services.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted user-supplied script. A remote attacker may be able to exploit this to execute arbitrary code within the context of the application.
Outbreak Alert
FortiGuard Labs continue to see increase in Mallox ransomware related activities detecting Mallox ransomware on multiple hundred FortiGuard sensors. Ransomware infection may cause disruption, damage to daily operations, potential impact to an organization's reputation and extortion.
Affected Products
Microsoft SQL Server 2012 Service Pack 4
Microsoft SQL Server 2014 Service Pack 3
Microsoft SQL Server 2016 Service Pack 2 for x64-based Systems
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0618
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| ID | 48753 |
| Created | Mar 04, 2020 |
| Updated | Oct 26, 2023 |
| CVE ID | |
| Tags | Mallox Ransomware |
| Risk |
|
| Known Exploited | Yes |
| Exploit Prediction Score | 94.25% |
| Default Action | drop |
| Active | |
| Affected OS | Windows |
| Affected App | MSSQL |
| Profile Type | OS Command Injection |