A SQL Server security bulletin (MS15-058) was released yesterday (14-Jul-2015).
“This update resolves vulnerabilities in Microsoft SQL Server
that could allow remote code execution if an authenticated attacker runs
a specially crafted query that is designed to execute a virtual
function from a wrong address. This leads to a function call to
uninitialized memory.“
It applies to:
- SQL Server 2008
- SQL Server 2008 R2
- SQL Server 2012
- SQL Server 2014
No comments:
Post a Comment