Kaspersky LabKLA10901KLA10901 Multiple vulnerabilities in Microsoft SQL Server
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.23 Low
EPSS
Percentile
96.5%
Detect date:
11/08/2016
Severity:
Critical
Description:
Multiple serious vulnerabilities have been found in Microsoft SQL Server. Malicious users can exploit these vulnerabilities to gain privileges or obtain sensitive information.
Affected products:
Microsoft SQL Server 2012 Service Pack 2
Microsoft SQL Server 2012 Service Pack 3
Microsoft SQL Server 2014 Service Pack 1
Microsoft SQL Server 2014 Service Pack 2
Microsoft SQL Server 2016
Solution:
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories:
MS16-136
CVE-2016-7254
CVE-2016-7253
CVE-2016-7252
CVE-2016-7251
CVE-2016-7250
CVE-2016-7249
Impacts:
OSI
Related products:
CVE-IDS:
CVE-2016-72546.5High
CVE-2016-72536.5High
CVE-2016-72524.0Warning
CVE-2016-72514.3Warning
CVE-2016-72506.5High
CVE-2016-72496.5High
Microsoft official advisories:
KB list:
3194718
3194724
3194725
3194720
3194722
3194714
3194719
3194717
3194716
3194721
References
support.microsoft.com/kb/3194714
support.microsoft.com/kb/3194716
support.microsoft.com/kb/3194717
support.microsoft.com/kb/3194718
support.microsoft.com/kb/3194719
support.microsoft.com/kb/3194720
support.microsoft.com/kb/3194721
support.microsoft.com/kb/3194722
support.microsoft.com/kb/3194724
support.microsoft.com/kb/3194725
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7249
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7250
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7251
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7252
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7253
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7254
portal.msrc.microsoft.com/en-us/security-guidance
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7249
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7250
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7251
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7252
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7253
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7254
statistics.securelist.com/vulnerability-scan/month
technet.microsoft.com/en-us/library/security/ms16-136.aspx
threats.kaspersky.com/en/product/Microsoft-SQL-Server/
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.23 Low
EPSS
Percentile
96.5%