IRONSMITH INTEL

HIGH CVSS 8.8 | Actively Exploited | CISA KEV | CVE-2020-0618 | Auth: low — authenticated user | Reboot: required | Manual only

KB4532095: Windows Server Security Update (February 2020)

Microsoft SQL Server Reporting Services contains a deserialization vulnerability when handling page requests incorrectly. An authenticated attacker can exploit this vulnerability to execute code in the context of the Report Server service account.

Published Feb 11, 2020 · Updated May 16, 2026
Why patch (risk explained in plain English)

Worst-case scenario (if unpatched)

A remote attacker, with a low-privilege account, can achieve full data confidentiality loss, arbitrary modification of data, complete denial of service or system unavailability. Federal agencies are required to remediate by 2024-10-09 under CISA BOD 22-01.

How the attack works (no clicks needed)

This is a Deserialization of Untrusted Data (CWE-502) vulnerability in Microsoft SQL Server. A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'. Exploitation requires remote network access, low attack complexity and a low-privilege authenticated account; no user interaction is required.

Am I affected? (quick check)

Probably yes if any of these apply:

- Database Administrators
- IT Security
- Running SQL Server 2012, 2014 or 2016

Fixed in: KB4532095, KB4532097, KB4532098, KB4535288, KB4535706 (applies to 8 product versions)

Real-world incidents (what we've seen)

Active exploitation documented in the wild. Threat-research write-up: http://packetstormsecurity.com/files/156707/SQL-Server-Reporting-Services-SSRS-ViewState-Deserialization.html

How to patch

Manual download

For air-gapped servers or out-of-band deployment. Microsoft Update Catalog returns every OS-version variant of this update.

↗ Microsoft Update Catalog: KB4532095

Manual remediation steps

Apply the Microsoft Security Update

Microsoft has released an official security update that fixes this vulnerability.

Required KB Updates

- KB4532095 — https://support.microsoft.com/help/4532095
- KB4532097 — https://support.microsoft.com/help/4532097
- KB4532098 — https://support.microsoft.com/help/4532098
- KB4535288 — https://support.microsoft.com/help/4535288
- KB4535706 — https://support.microsoft.com/help/4535706

Supersedes: KB4057113, KB4500181, KB4505218, KB4505220, KB4527378

Affected Products

- Microsoft SQL Server 2012 for 32-bit Systems Service Pack 4 (QFE)
- Microsoft SQL Server 2012 for x64-based Systems Service Pack 4 (QFE)
- Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (CU 4)
- Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (GDR)
- Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU)
- Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (GDR)
- Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (CU)
- Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (GDR)

Installation Methods

Windows Update (recommended)

1. Settings → Windows Update → Check for updates
2. The security update is offered if your system is in scope
3. Restart when prompted (may or may not be required for this update)

Microsoft Update Catalog (manual download)

1. Open https://catalog.update.microsoft.com
2. Search for KB4532095
3. Download the package matching your OS architecture and Windows build
4. Run the .msu installer with administrator privileges
5. Restart when prompted

WSUS / SCCM / Intune

Approve KB4532095 for the affected products in your update management console.

Microsoft Download Center Links

- https://download.microsoft.com/download/2/d/d/2ddc7094-0c7a-40b0-accf-07a5f57e0040/SQLServer2014-KB4532095-x64.exe
- https://download.microsoft.com/download/2/d/d/2ddc7094-0c7a-40b0-accf-07a5f57e0040/SQLServer2014-KB4532095-x86.exe
- https://download.microsoft.com/download/4/b/6/4b623928-0e26-4e4f-9d31-9974af8ac8ba/SQLServer2014-KB4535288-x64.exe
- https://download.microsoft.com/download/4/b/6/4b623928-0e26-4e4f-9d31-9974af8ac8ba/SQLServer2014-KB4535288-x86.exe
- https://download.microsoft.com/download/5/6/b/56bfd2a1-48db-434a-9572-4d8dbf7ef047/SQLServer2012-KB4532098-x64.exe
- (…3 more)

Verification

Confirm the update is installed:

Get-HotFix | Where-Object { $_.HotFixID -in @('KB4532095','KB4532097','KB4532098','KB4535288','KB4535706') }
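The one-liner above only sees Windows (CBS) updates, and SQL Server's MSP-based servicing updates generally do not register there, so a miss does not prove the host is unpatched. The following added example (not a script from this advisory or from Microsoft) instead reads the PatchLevel that SQL Server setup records in the registry for each Database Engine and Reporting Services instance and compares it with a minimum fixed build; it assumes the registry layout used by SQL Server 2012/2014/2016 setup, and the minimum builds are placeholders to be filled in from the KB articles because this page does not list them.

```powershell
# Added example (not from this advisory): inventory SQL Server and Reporting Services
# instances on the local host and compare their servicing level with a minimum fixed build.
# Assumes the registry layout used by SQL Server 2012/2014/2016 setup.
$root = 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server'
$kbs  = @('KB4532095','KB4532097','KB4532098','KB4535288','KB4535706')
$meta = 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider'   # provider noise on Get-ItemProperty output

# PLACEHOLDERS: fill in the fixed build for each major version from the KB articles referenced
# above (CU and GDR branches are fixed on different builds; use the branch you actually run).
$minimumBuild = @{
    # '11' = [version]'11.0.x.y'   # SQL Server 2012 SP4, see KB4532098
    # '12' = [version]'12.0.x.y'   # SQL Server 2014 SP3, see KB4532095 / KB4535288
    # '13' = [version]'13.0.x.y'   # SQL Server 2016 SP2, see KB4532097 / KB4535706
}

function Test-SqlBuild {
    param([string]$PatchLevel, [hashtable]$Minimum)
    $v = $null
    if (-not [version]::TryParse($PatchLevel, [ref]$v)) { return 'Unknown (unparseable PatchLevel)' }
    $min = $Minimum["$($v.Major)"]
    if (-not $min) { return 'Unknown (no minimum build configured for this major version)' }
    if ($v -ge $min) { return 'Patched' }
    return 'VULNERABLE'
}

function Get-SqlComponentStatus {
    param([string]$Kind)   # 'SQL' = Database Engine instances, 'RS' = Reporting Services instances
    $names = Get-ItemProperty "$root\Instance Names\$Kind" -ErrorAction SilentlyContinue
    if (-not $names) { return }
    foreach ($p in ($names.PSObject.Properties | Where-Object { $_.Name -notin $meta })) {
        $setup = Get-ItemProperty "$root\$($p.Value)\Setup" -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Component  = $Kind
            Instance   = $p.Name
            Edition    = $setup.Edition
            PatchLevel = $setup.PatchLevel
            Status     = Test-SqlBuild -PatchLevel $setup.PatchLevel -Minimum $minimumBuild
        }
    }
}

# Get-HotFix only sees Windows (CBS) updates; SQL Server's MSP-based updates usually do not
# appear there, so treat a hit as supporting evidence and the PatchLevel check as primary.
$hotfixHits = Get-HotFix -ErrorAction SilentlyContinue | Where-Object { $_.HotFixID -in $kbs }
"Get-HotFix matches: $(($hotfixHits | Select-Object -ExpandProperty HotFixID) -join ', ')"

$status = @(Get-SqlComponentStatus -Kind 'SQL') + @(Get-SqlComponentStatus -Kind 'RS')
$status | Format-Table -AutoSize
# Any RS row whose Status is not 'Patched' still runs the vulnerable Reporting Services component.
```

Run it elevated on each SQL Server host; an RS row is the one that matters for this CVE, since the Database Engine alone is not the exposed component.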

References

- Microsoft Security Response Center: https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2020-0618
- KB article: https://support.microsoft.com/help/4532097
- KB article: https://support.microsoft.com/help/4535706
- NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2020-0618
- CISA KEV: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0618

Discovery Credit

Soroush Dalili (@irsdl)

PowerShell automation (coming soon)

No tested PowerShell script for this entry yet. We're prioritising automation based on user demand.