
Microsoft SQL Server 2012 SP3 11.0.6020.0 through 11.0.6247.0 Multiple Privilege Escalation (3194721)

Medium

Synopsis

The remote host is running a version of SQL Server that is vulnerable to multiple privilege escalation attack vectors.

Description

The remote host is running a version of Microsoft SQL Server 2012 SP3 11.0.6020.0 through 11.0.6247.0 and is affected by multiple privilege escalation vulnerabilities:

- A flaw exists in the SQL Server Agent that is triggered because ACLs on 'atxcore.dll' are not properly checked. This may allow an authenticated attacker to gain elevated privileges. (CVE-2016-7253)
- A flaw exists in the RDBMS engine that is triggered during the handling of pointer casting. This may allow an authenticated attacker to gain elevated privileges. (CVE-2016-7254)

Solution

Update to SQL Server 2012 SP3 11.0.6248.0 or higher.