CVE-2014-4061

Name of the Vulnerable Software and Affected Versions Microsoft SQL Server versions 2008 SP3, 2008 R2 SP2, and 2012 SP1

Description A denial of service issue exists due to improper control of stack memory for processing T-SQL batch commands. This allows remote authenticated users to cause a denial of service, resulting in the server stopping responding until a manual reboot is initiated.

Recommendations For Microsoft SQL Server 2008 SP3, consider applying a patch or fix to resolve the issue. For Microsoft SQL Server 2008 R2 SP2, consider applying a patch or fix to resolve the issue. For Microsoft SQL Server 2012 SP1, consider applying a patch or fix to resolve the issue. As a temporary workaround, consider restricting access to T-SQL batch commands to minimize the risk of exploitation.