SQL Server Patch Update July 2015

Today Microsoft has released security bulletin MS15-058 which contains an update addressing a vulnerability which could allow remote code execution. This relies on an attacker being authenticated with permissions to create or modify a database. The attacker would need to run a specially crafted query that is designed to execute a virtual function from a wrong leading to a function call to uninitialized memory.

The update affects the following supported editions:

• Microsoft SQL Server 2008
• Microsoft SQL Server 2008 R2
• Microsoft SQL Server 2012
• Microsoft SQL Server 2014

The security update addresses the vulnerabilities by correcting how SQL Server handles internal function calls and pointer casting. Please note that your system may require a reboot after the update.

The full update can be found here.