Applies To: SQL Server 2016
This rule determines whether the dbo role for a database is assigned to the sysadmin fixed server role and the database has its trustworthy bit set to ON.
If these conditions are met, a privileged database user can elevate privileges to the sysadmin role. In this role, the user can create and run unsafe assemblies that compromise the system.
Turn off the trustworthy bit or revoke sysadmin permissions from the dbo database role.