CVE-2015-1763

Name of the Vulnerable Software and Affected Versions Microsoft SQL Server versions 2008 SP3 through 2008 SP4 Microsoft SQL Server versions 2008 R2 SP2 through 2008 R2 SP3 Microsoft SQL Server versions 2012 SP1 through 2012 SP2 Microsoft SQL Server version 2014

Description The issue is related to the incorrect handling of internal function calls to uninitialized memory in Microsoft SQL Server, allowing remote authenticated users to execute arbitrary code via a crafted query. This can lead to an attacker taking complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts.

Recommendations For Microsoft SQL Server versions 2008 SP3 and 2008 SP4, update to a version that includes the fix for this issue. For Microsoft SQL Server versions 2008 R2 SP2 and 2008 R2 SP3, update to a version that includes the fix for this issue. For Microsoft SQL Server versions 2012 SP1 and 2012 SP2, update to a version that includes the fix for this issue. For Microsoft SQL Server version 2014, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the system to minimize the risk of exploitation until a patch is available.