Endpoint Vulnerability

Vulnerabilities in SQL Server Could Allow Remote Code Executionr

Description

This security update resolves vulnerabilities in Microsoft SQL Server. The most severe vulnerabilities could allow remote code execution if an authenticated attacker runs a specially crafted query that is designed to execute a virtual function from a wrong address, leading to a function call to uninitialized memory. To exploit this vulnerability an attacker would need permissions to create or modify a database.

Affected Products

SQL Server 2008 Service Pack 3,SQL Server 2008 Service Pack 4,SQL Server 2008 R2 Service Pack 2,SQL Server 2008 R2 Service Pack 3,SQL Server 2012 Service Pack 1,SQL Server 2012 Service Pack 2,SQL Server 2014