CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
MS15-058 | Vulnerabilities in SQL Server Could Allow Remote Code Execution (3065718) | SQL Server | Important | 15-07-2015 |
Technical Information
Brief overview of the risk:
This security update resolves vulnerabilities in Microsoft SQL Server. The most severe vulnerabilities could allow remote code execution if an authenticated attacker runs a specially crafted query that is designed to execute a virtual function from a wrong address, leading to a function call to uninitialized memory. To exploit this vulnerability an attacker would need permissions to create or modify a database.
Detailed Information on the risk:
An elevation of privilege vulnerability exists in Microsoft SQL Server when it improperly casts pointers to an incorrect class. An attacker could exploit the vulnerability if their credentials allow access to an affected SQL Server database. An attacker who successfully exploited this vulnerability could gain elevated privileges that could be used to view, change, or delete data; or create new accounts.
Further information on this exploit is available at: MS15-058
Affected Software
SQL Server 2008 Service Pack 3
SQL Server 2008 Service Pack 4
SQL Server 2008 R2 Service Pack 2
SQL Server 2008 R2 Service Pack 3
SQL Server 2012 Service Pack 1
SQL Server 2012 Service Pack 2
SQL Server 2014
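The overview states that exploitation requires permissions to create or modify a database, and the list above names the affected releases. The following T-SQL is an added audit example, not part of the original bulletin: it reports the instance's release and service-pack level for comparison against that list, then lists the logins holding database create/alter rights. Reading "create or modify a database" as the server-level permissions and fixed roles queried here is an assumption, and the query cannot tell whether the update is installed, because this page gives no build numbers.

```sql
-- Added example (not from the bulletin): run on each instance as a login
-- that can read server-level metadata (e.g. VIEW ANY DEFINITION or sysadmin).

-- 1) Release and service-pack level, to compare with the "Affected Software" list.
--    Major version 10.0 = SQL Server 2008, 10.50 = 2008 R2, 11.0 = 2012, 12.0 = 2014.
SELECT
    SERVERPROPERTY('ProductVersion') AS product_version,
    SERVERPROPERTY('ProductLevel')   AS product_level,   -- RTM, SP1, SP2, ...
    SERVERPROPERTY('Edition')        AS edition;

-- 2) Logins explicitly granted server-level rights to create or alter databases.
--    state 'G' = GRANT, 'W' = GRANT WITH GRANT OPTION; DENY rows are excluded.
SELECT
    pr.name            AS login_name,
    pr.type_desc       AS login_type,
    pr.is_disabled,
    pe.permission_name,
    pe.state_desc
FROM sys.server_permissions AS pe
JOIN sys.server_principals  AS pr
    ON pr.principal_id = pe.grantee_principal_id
WHERE pe.permission_name IN (N'CREATE ANY DATABASE',
                             N'ALTER ANY DATABASE',
                             N'CONTROL SERVER')
  AND pe.state IN ('G', 'W')
ORDER BY pr.name, pe.permission_name;

-- 3) Members of the fixed server roles that imply the same rights.
SELECT
    m.name        AS login_name,
    m.type_desc   AS login_type,
    m.is_disabled,
    r.name        AS server_role
FROM sys.server_role_members AS rm
JOIN sys.server_principals   AS r
    ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals   AS m
    ON m.principal_id = rm.member_principal_id
WHERE r.name IN (N'dbcreator', N'sysadmin')
ORDER BY r.name, m.name;
```

Logins returned by queries 2 and 3 on an instance whose release appears in the affected list are the accounts to review first while the update is being scheduled.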