SQL Server 2012, 2014, 2016 Reporting Services Security Update

SQL Server 2012, 2014, and 2016 received security updates in Feb. 2020 to fix two recently discovered spoofing vulnerabilities in Reporting Services. These vulnerabilities could impact customers with remote and external users. The first security issue involves a problem with the approach Reporting Services uses to handle page requests, which could allow an attacker to execute code through service accounts for Reporting Services. Service accounts are frequently used by applications and other automated processes.

Become a DOM member or log in to read the full report