Mike Walsh takes us through a recent CVE entry:
On patch Tuesday this week, Microsoft released an Important severity security update (a CVSS base score of 7.5)
The details of this 0-day exploit are available to read at the NIST site, and the Microsoft security update site.
In short, the exploit that Microsoft has discovered and subsequently fixed can allow information disclosure.
The NIST entry is kind of a joke right now, and the Microsoft security update info is basically what they submitted to NIST plus links to download the patches. Still, this is worth patching and it’s an issue that goes back at least to 2016—probably earlier, but 2016 is the last version of SQL Server that still gets security updates.