SQL Server latest vulnerability Solution

Vulnerability Extension: xp_dirtree Stored Procedure

Beforehand: I recently discovered a vulnerability that was caused by an SQL Server. Just a few days ago, I used a SQL injection tool to inject my server's website, by accident, we found that mssql can be used to obtain all directories on the server (my server has made security settings, then, a packet capture tool is installed on the server to capture the SQL server packets. The tool is used to connect to the SQL vulnerability xp_dirtree to read the Directory and obtain the entire server directory, for example, listing the directory on drive C will list all the directories on drive C, which is very insecure. Currently, we can only investigate and handle the directory wearing things. You can imagine that, if you want to modify a boot. ini overwrites the boot of drive C. what is the concept of ini? First, it can lead to service paralysis and cannot read the system.

Solution: delete xp_dirtree. The command is sp_dropextendedproc 'xp _ dirtree'
If you have deleted the preceding SQL injection tool, you are using the SDK or any SQL injection tool. Here, we also provide you with some other dangerous SQL stored procedures. We recommend that you delete it. [Note: All operations to delete the SQL stored procedure must be performed in the mssql query analyzer. Which of the following statements follow the stored procedure name followed by the command to delete the stored procedure?]

First, list dangerous internal storage processes:

Xp_mongoshell	Sp_dropextendedproc 'xp _ export shell'
Xp_regaddmultistring	Sp_dropextendedproc 'xp _ regaddmultistring'
Xp_regdeletekey	Sp_dropextendedproc 'xp _ regdeletekey'
Xp_regdeletevalue	Sp_dropextendedproc 'xp _ regdeletevalue'
Xp_regenumkeys	Sp_dropextendedproc 'xp _ regenumkeys'
Xp_regenumvalues	Sp_dropextendedproc 'xp _ regenumvalues'
Xp_regread	Sp_dropextendedproc 'xp _ regread'
Xp_regremovemultistring	Sp_dropextendedproc 'xp _ regremovemultistring'
Xp_regwrite	Sp_dropextendedproc 'xp _ regwrite'

ActiveX script:

Sp_OACreate	Sp_dropextendedproc 'SP _ OACreate'
Sp_OADestroy	Sp_dropextendedproc 'SP _ OADestroy'
Sp_OAMethod	Sp_dropextendedproc 'SP _ oamethod'
Sp_OAGetProperty	Sp_dropextendedproc 'SP _ oagetproperties'
Sp_OAGetErrorInfo	Sp_dropextendedproc 'SP _ oageterrorinfo'
Sp_OAStop	Sp_dropextendedproc 'SP _ oastop'

Note: deleting certain stored procedures may cause some functions of the website to be unavailable. Therefore, we recommend that you remove the EXEC permission of the Public group in the extended storage process of the master database, this is relatively safe. If there is no problem, delete it. If there is a problem, you need to change it back.