Description: This event is generated when a command is issued to an SQL database server that may result in a serious compromise of the data stored on that system.
Impact: Serious. An attacker may have gained administrator access to the system.
Corrective: Disallow direct access to the SQL server from sources external to the protected network. Ensure that this event was not generated by a legitimate session then investigate the server for signs of compromise Look for other events generated by the same IP addresses.