New Threat Research: Uncovering Adversarial LDAP Tradecraft

Read Threat Research


Proof of Concept Released for SQL Remote Code Execution Patch

In a recent Microsoft patch, a fix was announced for 2020-0618 which allowed low-level authorized users to remotely execute code on Microsoft SQL servers. Using the functionality provided by the SQL Server Reporting Services web application, browser level users can trigger this exploit by sending a specially crafted POST request to “/ReportServer/pages/ReportViewer.aspx.” A proof of concept (POC) exploit for this vulnerability has been released, making this a higher priority to patch.

Analyst Notes

With Microsoft’s February 2020 Patch, MAC validation was added in addition to the already existing user access validation. This will allow sysadmins to secure access to the SSRS functionality. Binary Defense recommends updating systems to Microsoft’s latest patch, which fixed this vulnerability as well as 98 others, with 11 marked as “critical.”

CVE-2020-0618: RCE in SQL Server Reporting Services (SSRS)