BugZero found this defect 459 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
2/16/2023
SQL Server 2022 on Linux
SQL Server 2022 on Windows
build lower than 16.0.4003.1
16.0.4003.1
Fixes an issue where any member who has the DQS KB Operator (dqs_kb_operator) role or a higher privilege level role can create or overwrite arbitrary files on the machine hosting SQL Server as the account that runs the SQL Server service (the default account is NT SERVICE\MSSQLSERVER).