Microsoft SQL Server 2014 / 2016 / 2017 / 2019 / 2022 Audit Logging Failure | allinfosecnews.com

March 16, 2023, 2:48 p.m. |

Packet Storm packetstormsecurity.com

Microsoft SQL Server 2014, 2016, 2017, 2019, and 2022 appears to ignore audit rules for sys.sysxlgns allowing an attacker with administrative permissions to extract password hashes under the radar. Microsoft told the researcher they are not willing to fix it but acknowledge it as a security problem.

audit extract fix hashes logging microsoft microsoft sql microsoft sql server password permissions problem radar researcher rules security server sql sql server under under the radar

More from packetstormsecurity.com / Packet Storm

Ubuntu Security Notice USN-6770-1 1 day, 13 hours ago | packetstormsecurity.com

apache discovery fixes handling +13

Ubuntu Security Notice USN-6769-1 1 day, 13 hours ago | packetstormsecurity.com

attacker configuration default denial of service +15

Red Hat Security Advisory 2024-2799-03 1 day, 13 hours ago | packetstormsecurity.com

advisory buffer buffer overflow code +11

Red Hat Security Advisory 2024-2793-03 1 day, 13 hours ago | packetstormsecurity.com

advisory denial of service enterprise linux +7

Red Hat Security Advisory 2024-2705-03 1 day, 13 hours ago | packetstormsecurity.com

advisory build quarkus red hat +3

Red Hat Security Advisory 2024-2672-03 1 day, 13 hours ago | packetstormsecurity.com

advisory bugs code code execution +15

Red Hat Security Advisory 2024-2671-03 1 day, 13 hours ago | packetstormsecurity.com

advisory bugs build denial of service +10

Red Hat Security Advisory 2024-2669-03 1 day, 13 hours ago | packetstormsecurity.com

advisory bugs code code execution +13

Red Hat Security Advisory 2024-2668-03 1 day, 13 hours ago | packetstormsecurity.com

advisory bugs container denial of service +13

G230ISSO2 - Mid Level Information System Security Officer - Cleared

@ NiSUS Technologies | Annapolis Junction, Maryland, United States

View on infosec-jobs.com

Security Incident Response Engineer

@ Oracle | JALISCO, Mexico

View on infosec-jobs.com

Security Compliance Specialist

@ Cloudflare, Inc. | Hybrid or Remote

View on infosec-jobs.com

Senior Security DevOps

@ SAP | Sofia, BG, 1407

View on infosec-jobs.com

Senior Cyber Security Engineer

@ Node.Digital | Dulles, Virginia, United States

View on infosec-jobs.com

Manager, Data Insights and Forensics

@ Kroll | New York City, United States

View on infosec-jobs.com