Operational Defect Database
BugZero found this defect 459 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
Microsoft SQL Server | 2082644
Fixes an issue where any member who has the DQS KB Operator (dqs_kb_operator) role or a higher privilege level role can create or overwrite arbitrary files on the machine hosting SQL Server as the account that runs the SQL Server service (the default account is NT SERVICE\MSSQLSERVER).
Last update date:
2/16/2023
Affected products:
SQL Server 2022 on Linux
SQL Server 2022 on Windows
Affected releases:
build lower than 16.0.4003.1
Fixed releases:
16.0.4003.1
Description:
Fixes an issue where any member who has the DQS KB Operator (dqs_kb_operator) role or a higher privilege level role can create or overwrite arbitrary files on the machine hosting SQL Server as the account that runs the SQL Server service (the default account is NT SERVICE\MSSQLSERVER).
