Fabiano Amorim has a post-mortem of a nasty privilege escalation bug in SQL Server:
This article explores a serious flaw in this security model – a SQL Injection vulnerability in sys.sp_help_spatial_geography_histogram that allowed a standard user on managed SQL Server instances (AWS, GCP, Alibaba, Azure) to completely bypass these restrictions, gain access to privileged user data, and decrypt the source code of internal management stored procedures. It was fixed in SQL Server 2022 CU20 (KB5063814), but this article explains how the exploit worked and the process of eliminating it.
Click through for the details and make sure your on-premises SQL Server instances are patched.
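As an added check (not part of the linked article), the following T-SQL reports whether a self-managed SQL Server 2022 instance is at the cumulative update level the post names. It assumes only what the post states: that the fix shipped in SQL Server 2022 CU20 (KB5063814) and is therefore present in CU20 and later; it makes no claim about other major versions, and it relies on the documented `SERVERPROPERTY` values `ProductMajorVersion`, `ProductUpdateLevel` and `ProductUpdateReference`.

```sql
-- Added example, not from the linked post: report whether this SQL Server 2022
-- instance carries CU20 (KB5063814) or later, the level at which the post says
-- the sys.sp_help_spatial_geography_histogram injection was fixed.
-- Assumption: CU20 and every later CU include the fix; other major versions
-- are not evaluated here and are flagged for a manual check.
DECLARE @major INT          = CAST(SERVERPROPERTY('ProductMajorVersion')    AS INT);          -- 16 = SQL Server 2022
DECLARE @level NVARCHAR(32) = CAST(SERVERPROPERTY('ProductUpdateLevel')     AS NVARCHAR(32)); -- e.g. N'CU19', NULL on RTM
DECLARE @kbref NVARCHAR(64) = CAST(SERVERPROPERTY('ProductUpdateReference') AS NVARCHAR(64)); -- e.g. N'KB5063814'
-- Numeric CU number; NULL when no CU is applied (RTM or GDR-only builds).
DECLARE @cu INT = TRY_CAST(REPLACE(@level, N'CU', N'') AS INT);

SELECT
    @@SERVERNAME                                           AS server_name,
    CAST(SERVERPROPERTY('ProductVersion') AS NVARCHAR(32)) AS product_version,
    @level                                                 AS update_level,
    @kbref                                                 AS update_reference,
    CASE
        WHEN @major <> 16 THEN N'Not SQL Server 2022: check the KB guidance for this version'
        WHEN @cu IS NULL  THEN N'No CU applied (RTM or GDR branch): apply CU20 (KB5063814) or later'
        WHEN @cu >= 20    THEN N'CU20 or later: fix present'
        ELSE N'CU' + CAST(@cu AS NVARCHAR(4)) + N' < CU20: apply CU20 (KB5063814) or later'
    END                                                    AS patch_status;
```

Run it on each on-premises instance; for the managed offerings the post mentions, patch level is the provider's responsibility, so the same query there only confirms what they have rolled out.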