SQL Server Security Bulletin MS15-058 Released

A SQL Server security bulletin (MS15-058) was released yesterday (14-Jul-2015).
This update resolves vulnerabilities in Microsoft SQL Server that could allow remote code execution if an authenticated attacker runs a specially crafted query designed to execute a virtual function from a wrong address, which leads to a function call to uninitialized memory.
It applies to:
  • SQL Server 2008
  • SQL Server 2008 R2
  • SQL Server 2012
  • SQL Server 2014

If you are unsure which versions are affected, please read the blog post by Aaron Bertrand (a useful matrix here).

The KB article is #3065718; more details here.

 

Stay Tuned! 🙂
