CVE-2017-8516 Microsoft Security Update for SQL Server for August 2017

An information disclosure vulnerability exists in Microsoft SQL Server Analysis Services when it improperly enforces permissions. An attacker could exploit the vulnerability if the attacker's credentials allow access to an affected SQL server database. The security update addresses the vulnerability by correcting how SQL Server Analysis Services enforces permissions.

QID Detection Logic:
This authenticated QID checks for vulnerable MSSQL versions lesser than 2011.110.6251.0, 2011.110.6607.3, 2014.120.4237.0, 2014.120.4522.0, 2014.120.5207.0, 2014.120.5553.0, 2015.130.1742.0, 2015.130.2210.0, 2015.130.4206.0 or 2015.130.4446.0.
Knowledge base articles: KB4019092, KB4019090, KB4019091, KB4032542, KB4019093, KB4019096, KB4019088, KB4019086, KB4019089, KB4019095

Successful exploitation allows an attacker to gain additional database and file information.

Customers are advised to refer to CVE-2017-8516 for more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

4019090

4019091

4032542

4019092

4019093

4036996

4019086

4019088

4019095

4019089