Microsoft Security Response Center

**What privileges does the attacker gain?** An attacker would only be able to delete targeted files on a system. They would not gain privileges to view or modify file contents.

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.

**If I'm running SQL Server 2019 on premise, am I vulnerable to this CVE?** This vulnerability only exists in the containerized version of SQL Server 2019 for Linux. If you are running that version, Microsoft recommends applying the update.

**Why is Attack Complexity marked as High for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.

**What privileges are required to exploit this vulnerability?** The attacker needs read access to the target site within SharePoint.

**What information could be disclosed through this vulnerability?** An attacker could potentially read small portions of heap memory.

The following mitigating factors may be helpful in your situation: To be vulnerable, a DNS server would need to have dynamic updates enabled.

**Why is Attack Complexity marked as High for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory and kernel memory - unintentional read access to memory contents in kernel space from a user mode process.