Description of the security update for Power BI Report Server (October 2020): March 9, 2021 (KB5001285)

Work anywhere from any device with Microsoft 365

Upgrade to Microsoft 365 to work anywhere with the latest features and updates.

Upgrade now

Summary

A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services if it incorrectly handles page requests. An attacker who successfully exploits this vulnerability could execute code in the context of the Report Server service account. An internal API that is used for large PBIX file requests allows a file path property. The reporting services process may try to write a temporary file to a remote path. If the NTLM hash is broken on a target computer, the attacker could get the credentials for the report server process. To learn more about the vulnerability, seeĀ CVE-2021-26859.

Power BI Report Server is updated to the following builds in this security update.

Product name

Product version

File version

Power BI Report Server

15.0.1104.310

1.9.7709.41358

How to obtain and install the update

This update is available for download from the Microsoft Download Center:

Release Date: March 9, 2021

Prerequisites

To apply this update, you must have any version of Power BI Report Server (October 2020) installed.

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

Thank you for your feedback!

Thank you for your feedback! It sounds like it might be helpful to connect you to one of our Office support agents.

×