Critical patch for all versions of SQL Server!

This is important.  To quote Microsoft, “This security update resolves vulnerabilities in Microsoft SQL Server. The most severe vulnerabilities could allow remote code execution if an authenticated attacker runs a specially crafted query that is designed to execute a virtual function from a wrong address, leading to a function call to uninitialized memory. To exploit this vulnerability an attacker would need permissions to create or modify a database.

This security update is rated Important for supported editions of Microsoft SQL Server 2008, Microsoft SQL Server 2008 R2, Microsoft SQL Server 2012, and Microsoft SQL Server 2014. For more information, see the Affected Software section.

The security update addresses the vulnerabilities by correcting how SQL Server handles internal function calls and pointer casting. For more information about the vulnerabilities, see the Vulnerability Information section.”

The patch covers both GDR and QFE (General Distribution and Quick Fix) and is available at

According to Aaron Bertrand, if you’re running anything except SQL 2014 SP1, you’re potentially vulnerable.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s