SQL Server Patch Update July 2015
Today Microsoft has released security bulletin MS15-058 which contains an update addressing a vulnerability which could allow remote code execution. This relies on an attacker being authenticated with permissions to create or modify a database. The attacker would need to run a specially crafted query that is designed to execute a virtual function from a wrong leading to a function call to uninitialized memory.
The update affects the following supported editions:
- Microsoft SQL Server 2008
- Microsoft SQL Server 2008 R2
- Microsoft SQL Server 2012
- Microsoft SQL Server 2014
The security update addresses the vulnerabilities by correcting how SQL Server handles internal function calls and pointer casting. Please note that your system may require a reboot after the update.
The full update can be found here.