Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Microsoft SQL Server 2014 12.0.2254.0 through 12.0.2546.0 Multiple Vulnerabilities (3045324)

High

Synopsis

The remote host is running a version of SQL Server that is vulnerable to multiple attack vectors.

Description

The remote host is running a version of Microsoft SQL Server 2014 12.0.2254.0 through 12.0.2546.0 and is affected by multiple vulnerabilities :

- An unspecified type-casting flaw exists. With a specially crafted query, an authenticated, remote attacker can potentially gain escalated privileges. (CVE-2015-1761) - An unspecified flaw exists related to use of uninitialized memory. With a specially crafted query, an authenticated, remote attacker can potentially execute arbitrary code on the system. (CVE-2015-1762, CVE-2015-1763)

Solution

Update to SQL Server 2014 12.0.2547.0 or higher.