| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS16-136 | Security Update for SQL Server (3199641) | SQL Server | Important | 09-11-2016 |
Technical Information
Brief overview of the risk:
This security update resolves vulnerabilities in Microsoft SQL Server. The most severe vulnerabilities could allow an attacker could to gain elevated privileges.
Detailed Information on the risk:
Elevation of privilege vulnerabilities exist in Microsoft SQL Server when it improperly handles pointer casting. An attacker could exploit the vulnerabilities if their credentials allow access to an affected SQL server database. An attacker who successfully exploited the vulnerabilities could gain elevated privileges that could be used to view, change, or delete data; or create new accounts.
The security update addresses the vulnerabilities by correcting how SQL Server handles pointer casting
SQL Server 2012 Service Pack 2The security update addresses the vulnerabilities by correcting how SQL Server handles pointer casting
Further information on this exploit is available at : MS16-136
SQL Server 2012 Service Pack 3
SQL Server 2014 Service Pack 1
SQL Server 2014 Service Pack 2
SQL Server 2016
Affected Software
SQL Server 2012 Service Pack 2SQL Server 2012 Service Pack 3
SQL Server 2014 Service Pack 1
SQL Server 2014 Service Pack 2
SQL Server 2016