
Microsoft SQL Server 2012 SP2 11.0.5058.0 through 11.0.5387.0 Multiple Privilege Escalation (3194719)

Medium

Synopsis

The remote host is running a version of SQL Server that is vulnerable to multiple privilege escalation attack vectors.

Description

The remote host is running a version of Microsoft SQL Server 2012 SP2 11.0.5058.0 through 11.0.5387.0 and is affected by multiple privilege escalation vulnerabilities:

- A flaw exists in the SQL Server Agent that is triggered because ACLs on 'atxcore.dll' are not properly checked. This may allow an authenticated attacker to gain elevated privileges. (CVE-2016-7253)
- A flaw exists in the RDBMS engine that is triggered during the handling of pointer casting. This may allow an authenticated attacker to gain elevated privileges. (CVE-2016-7254)

Solution

Update to SQL Server 2012 SP2 11.0.5388.0 or higher.