2020-11 - Synergetic Security Hotfix - 17th November 2020

Owned by Scott Le Brun (Deactivated)
Last updated: Nov 12, 2023 by Chris Savage

Issue

There is the possibility, under certain circumstances that the permissions on the SQL Backup share were incorrectly set up potentially allowing unauthorised access. Affected systems will be fixed via an automated hotfix deployment on 17th November 2020.

Fix

A PowerShell script has been developed to reconfigure the SQL Backup network share permissions and log actions taken to the Windows event 'Application' log.

  • Determine if SQL Server is installed on the target server and record service account names
  • Identify network shares hosted on the target server with share names matching 'back' or 'bak'
  • For each matching network share
    • remove all current share permissions
    • add 'BUILTIN\Administrators' group with 'Full' share permissions
    • add SQL Server service accounts with 'Change' share permissions

The script will be packaged as an executable and delivered via an automated hotfix deployment system.

Outcome

Once complete, the SQL Backup network share permissions will only explicitly allow connections from SQL Server service accounts and from users that are members of the local administrators group.

Evidence

Evidence of the script actions can be viewed using the Windows Event Viewer. Under the 'Application' log, search for entries with the source 'SQLBackupPermissionsFixScript' or with Event ID 1001 & 1002.


Resources

The PowerShell script and packaged executable are both available for download here if you wish to analyse the code before deployment or if you prefer your IT team to perform the deployment manually. Please note the PowerShell script will require elevated permissions in order to run successfully.