Patch Tuesday 2021-01-12 : SQL Server Updates
Patches are available for several versions of SQL Server today, addressing an elevation of privilege vulnerability. There isn't much detail available except that it pertains to Extended Events. More details:
- Elevation of Privilege Vulnerability
- Common Vulnerabilities and Exposures : CVE-2021-1636
- KB #4583468 – Microsoft SQL Server elevation of privilege vulnerability
There are patches for GDR or CU for all supported versions of SQL Server (except 2012 SP4 which doesn't have a CU branch). Find the download for your version on the appropriate page:
If there isn't a fix available for your branch, it might be time to consider moving to a supported version.