New Update for Vulnerability Affecting SQL Server 2008, 2008 R2, 2012, and 2014

Microsoft has released a patch for a vulnerability that affects SQL Server 2008, 2008 R2, 2012, and 2014. Microsoft describes the vulnerability as follows: “The most severe vulnerabilities could allow remote code execution if an authenticated attacker runs a specially crafted query that is designed to execute a virtual function from a wrong address, leading to a function call to uninitialized memory. To exploit this vulnerability an attacker would need permissions to create or modify a database.”

The good news is that an update is available from Microsoft to address this issue; which one you need depends on the version of SQL Server you are running. Aaron Bertrand has done a great job of creating a chart that links to the correct Microsoft patch for each version and service pack.

If your version / service pack is…   …and @@VERSION is in the range…   …you should install…

SQL Server 2014
  SP1                10.0-style build range         update
  SP1                12.0.4050 => 12.0.4212         GDR 12.0.4213    KB #3070446
  SP1                12.0.4214 => 12.0.4415         CU #1 12.0.4416  KB #3067839
  RTM                12.0.2000 => 12.0.2268         GDR 12.0.2269    KB #3045324
  RTM                12.0.2270 => 12.0.2547         QFE 12.0.2548    KB #3045323

SQL Server 2012
  SP2                11.0.5058 => 11.0.5342         GDR 11.0.5343    KB #3045321
  SP2                11.0.5344 => 11.0.5612         QFE 11.0.5613    KB #3045319
  SP1                11.0.3000 => 11.0.3155         GDR 11.0.3156    KB #3045318
  SP1                11.0.3157 => 11.0.3512         QFE 11.0.3513    KB #3045317
  RTM                11.0.2100 => 11.0.2999         Move to a newer branch

SQL Server 2008 R2
  SP3                10.50.6000 => 10.50.6219       GDR 10.50.6220   KB #3045316
  SP3                10.50.6221 => 10.50.6528       QFE 10.50.6529   KB #3045314
  SP2                10.50.4000 => 10.50.4041       GDR 10.50.4042   KB #3045313
  SP2                10.50.4043 => 10.50.4338       QFE 10.50.4339   KB #3045312
  SP1 or RTM         10.50.1600 => 10.50.3999       Move to a newer branch

SQL Server 2008
  SP4                10.0.6000 => 10.0.6240         GDR 10.0.6241    KB #3045311
  SP4                10.0.6242 => 10.0.6534         QFE 10.0.6535    KB #3045308
  SP3                10.0.5500 => 10.0.5537         GDR 10.0.5538    KB #3045305
  SP3                10.0.5539 => 10.0.5889         QFE 10.0.5890    KB #3045303
  SP2, SP1 or RTM    10.0.1600 => 10.0.5499         Move to a newer branch
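
When many instances have to be checked, the chart lookup can be scripted. The following is an added example, not code from this post or from Aaron Bertrand's chart: it transcribes the rows above and classifies the build found in @@VERSION output. The function names and status labels are assumptions of this example.

```python
import re

# Rows from the chart above: (low, high, update type, fixed build, KB); None = "Move to a newer branch".
CHART = [
    ("12.0.4050", "12.0.4212", "GDR", "12.0.4213", "3070446"),
    ("12.0.4214", "12.0.4415", "CU #1", "12.0.4416", "3067839"),
    ("12.0.2000", "12.0.2268", "GDR", "12.0.2269", "3045324"),
    ("12.0.2270", "12.0.2547", "QFE", "12.0.2548", "3045323"),
    ("11.0.5058", "11.0.5342", "GDR", "11.0.5343", "3045321"),
    ("11.0.5344", "11.0.5612", "QFE", "11.0.5613", "3045319"),
    ("11.0.3000", "11.0.3155", "GDR", "11.0.3156", "3045318"),
    ("11.0.3157", "11.0.3512", "QFE", "11.0.3513", "3045317"),
    ("11.0.2100", "11.0.2999", None, None, None),
    ("10.50.6000", "10.50.6219", "GDR", "10.50.6220", "3045316"),
    ("10.50.6221", "10.50.6528", "QFE", "10.50.6529", "3045314"),
    ("10.50.4000", "10.50.4041", "GDR", "10.50.4042", "3045313"),
    ("10.50.4043", "10.50.4338", "QFE", "10.50.4339", "3045312"),
    ("10.50.1600", "10.50.3999", None, None, None),
    ("10.0.6000", "10.0.6240", "GDR", "10.0.6241", "3045311"),
    ("10.0.6242", "10.0.6534", "QFE", "10.0.6535", "3045308"),
    ("10.0.5500", "10.0.5537", "GDR", "10.0.5538", "3045305"),
    ("10.0.5539", "10.0.5889", "QFE", "10.0.5890", "3045303"),
    ("10.0.1600", "10.0.5499", None, None, None),
]

def as_tuple(build):
    return tuple(int(part) for part in build.split("."))

def parse_build(version_text):
    """Pull major.minor.build out of @@VERSION output or a ProductVersion string."""
    match = re.search(r"(\d+\.\d+\.\d+)(?:\.\d+)?", version_text)
    if not match:
        raise ValueError("no build number found in %r" % version_text)
    return match.group(1)

def triage(version_text):
    """Return (build, status, detail) for one instance."""
    build = parse_build(version_text)
    b = as_tuple(build)
    for low, high, kind, fixed, kb in CHART:
        if kb and b == as_tuple(fixed):
            return build, "patched", "%s %s KB #%s" % (kind, fixed, kb)
        if as_tuple(low) <= b <= as_tuple(high):
            if kb is None:
                return build, "unsupported-branch", "Move to a newer branch"
            return build, "needs-update", "%s %s KB #%s" % (kind, fixed, kb)
    return build, "not-in-chart", "outside every range in the chart; check manually"

print(triage("Microsoft SQL Server 2014 - 12.0.4100.1 (X64)"))  # constructed sample string
```

A build that matches no row is reported as not-in-chart rather than assumed safe, since the chart only covers the ranges listed.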