【Vulnerability Alert】Critical Security Vulnerability in Microsoft SQL Server (CVE-2026-33120)

Post Date: 2026/05/13

Subject: 【Vulnerability Alert】Critical Security Vulnerability in Microsoft SQL Server (CVE-2026-33120)

Description:
- Forwarded from Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC) Security Alert: TWCERTCC-200-202604-00000020
- Microsoft has released a critical security vulnerability notice for SQL Server (CVE-2026-33120, CVSS: 8.8). This is an Untrusted Pointer Dereference vulnerability that allows an authenticated attacker to execute code over the network.
Affected Platforms:
- Microsoft SQL Server 2022 (GDR) versions 16.0.0 to 16.0.1175.1
Recommended Actions:
- Apply patches according to the solutions released on the official website:
- https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-33120
Reference Materials:
1. https://www.twcert.org.tw/tw/cp-169-10851-e7d71-1.html

Computer and Communication Center
Network Systems Division