+44 (0)115 933 8474 hello@n4stack.co.uk

SQL Server Patch Update July 2015

Today Microsoft has released security bulletin MS15-058 which contains an update addressing a vulnerability which could allow remote code execution. This relies on an attacker being authenticated with permissions to create or modify a database. The attacker would need to run a specially crafted query that is designed to execute a virtual function from a wrong leading to a function call to uninitialized memory.

The update affects the following supported editions:

  • Microsoft SQL Server 2008
  • Microsoft SQL Server 2008 R2
  • Microsoft SQL Server 2012
  • Microsoft SQL Server 2014

The security update addresses the vulnerabilities by correcting how SQL Server handles internal function calls and pointer casting. Please note that your system may require a reboot after the update.

The full update can be found here.




Share This