Microsoft SQL Server 2014 SP1 12.0.4100.0 through 12.0.4231.0 Privilege Escalation (3194720)
Medium Nessus Network Monitor Plugin ID 9812
SynopsisThe remote host is running a version of SQL Server that is vulnerable to a privilege escalation attack vector.
DescriptionThe remote host is running a version of Microsoft SQL Server 2014 SP1 12.0.4100.0 through 12.0.4231.0 and is affected by a flaw in the RDBMS engine that is triggered during the handling of pointer casting. This may allow an authenticated attacker to gain elevated privileges.
SolutionUpdate to SQL Server 2014 SP1 12.0.4232.0 or higher.