PT-2015-2772 · Microsoft · Sql Server

Published: 2015-07-14 · Updated: 2018-10-12 · CVE-2015-1762

CVSS v2.0: 7.1 (High)

Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft SQL Server versions 2008 SP3 through 2014

Description

Microsoft SQL Server does not block access to uninitialized memory areas, which allows remote authenticated users to execute arbitrary code by making a crafted query. Exploitation relies on certain permissions, such as the VIEW SERVER STATE permission. An attacker could exploit this issue if a privileged user runs a specially crafted query on an affected SQL server with specific permission settings turned on, potentially allowing the attacker to take complete control of the affected system.

Recommendations

For Microsoft SQL Server versions 2008 SP3 through 2014, consider restricting access to the VIEW SERVER STATE permission to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid running specially crafted queries on affected SQL servers with special permission settings turned on. Restrict access to internal function calls that handle uninitialized memory to prevent potential exploitation.
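
To act on the recommendation to restrict VIEW SERVER STATE, the following T-SQL audit lists which server principals currently hold that permission. It is an added example, not part of the original advisory or any Microsoft guidance; it assumes a login with enough rights to read server-level metadata, and the principal name in the commented REVOKE is a placeholder.

```sql
-- Added example: audit of who holds VIEW SERVER STATE on this instance.
-- Reads the catalog views sys.server_permissions, sys.server_principals and
-- sys.server_role_members. Run it as a login that can see all server-level
-- metadata (for example a sysadmin), otherwise the result may be incomplete.
WITH grantees AS (
    -- Explicit server-scope entries for the permission itself, or for
    -- CONTROL SERVER, which implies it. DENY rows are kept so that a
    -- GRANT overridden by a DENY is visible in the output.
    SELECT pr.principal_id,
           pr.name      AS principal_name,
           pr.type_desc AS principal_type,
           pe.permission_name,
           pe.state_desc
    FROM sys.server_permissions AS pe
    JOIN sys.server_principals  AS pr
      ON pr.principal_id = pe.grantee_principal_id
    WHERE pe.class = 100   -- 100 = server scope
      AND pe.permission_name IN (N'VIEW SERVER STATE', N'CONTROL SERVER')
)
-- 1. Principals named directly. A row for 'public' covers every login.
SELECT g.principal_name, g.principal_type, g.permission_name,
       g.state_desc, CAST(NULL AS sysname) AS via_role
FROM grantees AS g
UNION ALL
-- 2. Members of a server role that appears in (1).
SELECT m.name, m.type_desc, g.permission_name, g.state_desc, g.principal_name
FROM grantees AS g
JOIN sys.server_role_members AS rm ON rm.role_principal_id = g.principal_id
JOIN sys.server_principals   AS m  ON m.principal_id = rm.member_principal_id
UNION ALL
-- 3. sysadmin members hold every permission implicitly and have no
--    rows in sys.server_permissions, so list them separately.
SELECT m.name, m.type_desc, N'(implicit via sysadmin)', N'GRANT', r.name
FROM sys.server_role_members AS rm
JOIN sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY principal_name, permission_name;

-- To remove an unneeded explicit grant found above
-- ([placeholder_login] is a hypothetical name, replace before use):
-- REVOKE VIEW SERVER STATE FROM [placeholder_login];
```

Rows with state_desc GRANT or GRANT_WITH_GRANT_OPTION for non-administrative logins are the ones to review against the recommendation above.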

Fix

RCE

Special Elements Injection


Weakness Enumeration

Related Identifiers

BDU:2015-12137
CVE-2015-1762

Affected Products

Sql Server