CVE-2016-7253

Name of the Vulnerable Software and Affected Versions Microsoft SQL Server versions 2012 SP2 through 2016

Description The issue arises from the SQL Server Agent's failure to properly check the atxcore.dll ACL, allowing remote authenticated users to gain privileges. An attacker could exploit this issue if their credentials allow access to an affected SQL server database, potentially gaining elevated privileges to view, change, or delete data, or create new accounts.

Recommendations For Microsoft SQL Server 2012 SP2, update to a version that properly checks the atxcore.dll ACL to prevent elevation of privilege. For Microsoft SQL Server 2012 SP3, update to a version that properly checks the atxcore.dll ACL to prevent elevation of privilege. For Microsoft SQL Server 2014 SP1, update to a version that properly checks the atxcore.dll ACL to prevent elevation of privilege. For Microsoft SQL Server 2014 SP2, update to a version that properly checks the atxcore.dll ACL to prevent elevation of privilege. For Microsoft SQL Server 2016, update to a version that properly checks the atxcore.dll ACL to prevent elevation of privilege.