Microsoft SQL Server 2012 SP3 11.0.6020.0 through 11.0.6247.0 Multiple Privilege Escalation (3194721)
Medium Nessus Network Monitor Plugin ID 9811
Synopsis: The remote host is running a version of SQL Server that is vulnerable to multiple privilege escalation attack vectors.
Description: The remote host is running a version of Microsoft SQL Server 2012 SP3 11.0.6020.0 through 11.0.6247.0 and is affected by multiple privilege escalation vulnerabilities:
- A flaw exists in the SQL Server Agent that is triggered because ACLs on 'atxcore.dll' are not properly checked. This may allow an authenticated attacker to gain elevated privileges. (CVE-2016-7253)
- A flaw exists in the RDBMS engine that is triggered during the handling of pointer casting. This may allow an authenticated attacker to gain elevated privileges. (CVE-2016-7254)
Solution: Update to SQL Server 2012 SP3 11.0.6248.0 or higher.