【Vulnerability Alert】Critical Security Vulnerability in Microsoft SQL Server (CVE-2026-33120)

• Subject: 【Vulnerability Alert】Critical Security Vulnerability in Microsoft SQL Server (CVE-2026-33120)

• Description:
  • Forwarded from Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC) Security Alert: TWCERTCC-200-202604-00000020
  • Microsoft has released a critical security vulnerability notice for SQL Server (CVE-2026-33120, CVSS: 8.8). This is an Untrusted Pointer Dereference vulnerability that allows an authenticated attacker to execute code over the network.
• Affected Platforms:
  • Microsoft SQL Server 2022 (GDR) versions 16.0.0 to 16.0.1175.1
• Recommended Actions:
  • Apply patches according to the solutions released on the official website:
  • https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-33120
• Reference Materials:
  1. https://www.twcert.org.tw/tw/cp-169-10851-e7d71-1.html

Computer and Communication Center
Network Systems Division