Andreas Wolter describes a bug in SQL Server’s auditing capabilities:
Last week, I was contacted by an IT Leader from Saudi Arabia who previously found several CVEs in Oracle and Microsoft SQL Server. He wanted my opinion on a newly discovered security issue in SQL Server Auditing.
Interestingly, his findings directly overlap with a topic I wrote about just last month: Using Data Classification to Audit Data Access.
Emad Al-Mousa identified two vulnerabilities in the SENSITIVE_BATCH_COMPLETED Audit Action Group. Microsoft Security Response Center (MSRC) acknowledged the issue but classified it as low priority – meaning it may not be addressed until a major release, if at all.
Read on to see what the issue is and how you can trigger it today. Andreas also includes a workaround that will work in the meantime.