Symptoms
A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests. See CVE-2020-0618 for details.
Resolution
To fix this issue in the products that are listed in “Applies to,” install the following security update, as appropriate:
-
Description of the security update for SQL Server 2016 SP2 CU11: February 11, 2020
-
Description of the security update for SQL Server 2016 SP2 GDR: February 11, 2020
-
Description of the security update for SQL Server 2014 SP3 CU4: February 11, 2020
-
Description of the security update for SQL Server 2014 SP3 GDR: February 11, 2020
-
Description of the security update for SQL Server 2012 SP4 GDR: February 11, 2020