<< Back
CVE Number Vulnerability Product Severity Date
MS16-136 Security Update for SQL Server (3199641) SQL Server Important 09-11-2016

Technical Information

Brief overview of the risk:
This security update resolves vulnerabilities in Microsoft SQL Server. The most severe vulnerabilities could allow an attacker could to gain elevated privileges.

Detailed Information on the risk:

Elevation of privilege vulnerabilities exist in Microsoft SQL Server when it improperly handles pointer casting. An attacker could exploit the vulnerabilities if their credentials allow access to an affected SQL server database. An attacker who successfully exploited the vulnerabilities could gain elevated privileges that could be used to view, change, or delete data; or create new accounts.
The security update addresses the vulnerabilities by correcting how SQL Server handles pointer casting

Further information on this exploit is available at : MS16-136

SQL Server 2012 Service Pack 2
SQL Server 2012 Service Pack 3
SQL Server 2014 Service Pack 1
SQL Server 2014 Service Pack 2
SQL Server 2016

Affected Software

SQL Server 2012 Service Pack 2
SQL Server 2012 Service Pack 3
SQL Server 2014 Service Pack 1
SQL Server 2014 Service Pack 2
SQL Server 2016