INTRODUCTION

Microsoft has released security update guide CVE-2021-41372 for Power BI Report Server. See the complete guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-41372.

Symptoms

After certain malicious Microsoft Power BI reports are uploaded to a Power BI Report Server, it's possible to run scripts in the security context of the user and perform privilege escalation.

Affected versions 

  • Power BI Report Server (September 2021)
    1.12.7936.39665 (build 15.0.1107.146)

  • Power BI Report Server (May 2021)
    1.11.7815.26414 (build 15.0.1106.169)
     

Power BI Report Server is updated to the following versions in this security update.

Product Name

Product version

File version

Power BI Report Server (September 2021)

15.0.1107.165

1.12.7977.29537

Power BI Report Server (May 2021)

15.0.1106.457

1.11.8091.10468

How to obtain and install the updates

These updates are available for download from the Microsoft Download Center:

Download icon Download the September 2021 package now

   Release date: November 9, 2021

Download icon Download the May 2021 package now

   Release date: March 4, 2022

More information

Prerequisites

To apply the updates, you must have any version of Power BI Report Server installed.

Need more help?

Expand your skills

EXPLORE TRAINING >

Get new features first

JOIN MICROSOFT INSIDERS >

Was this information helpful?

What affected your experience?

Thank you for your feedback!

×