An elevation of privilege vulnerability exists in Microsoft SQL Server Engine when SQL Server Agent incorrectly checks ACLs on atxcore.dll. An attacker could exploit the vulnerability if the attacker's credentials allow access to an affected SQL Server database.
An attacker who successfully exploited the vulnerability could gain elevated privileges that could be used to view, change, or delete data, or to create new accounts.
The security update addresses the vulnerability by correcting how SQL Server Engine handles ACLs.
{"id": "MS:CVE-2016-7253", "vendorId": null, "type": "mscve", "bulletinFamily": "microsoft", "title": "Microsoft SQL Server Agent Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists in Microsoft SQL Server Engine when SQL Server Agent incorrectly checks ACLs on atxcore.dll. An attacker could exploit the vulnerability if the attacker's credentials allow access to an affected SQL server database.\n\nAn attacker who successfully exploited the vulnerability could gain elevated privileges that could be used to view, change, or delete data; or create new accounts.\n\nThe security update addresses the vulnerability by correcting how SQL Server Engine handles ACLs.\n", "published": "2016-11-08T08:00:00", "modified": "2020-05-27T07:00:00", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2016-7253", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2016-7253"], "immutableFields": [], "lastseen": "2021-12-06T18:25:24", "viewCount": 52, 
"enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2016-7253"]}, {"type": "kaspersky", "idList": ["KLA10901"]}, {"type": "mskb", "idList": ["KB3199641"]}, {"type": "nessus", "idList": ["9810.PRM", "9811.PRM", "SMB_KB3199641.NASL", "SMB_NT_MS16-136.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310809096"]}, {"type": "symantec", "idList": ["SMNTC-94056"]}]}, "score": {"value": 6.5, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2016-7253"]}, {"type": "kaspersky", "idList": ["KLA10901"]}, {"type": "mskb", "idList": ["KB3194714"]}, {"type": "nessus", "idList": ["SMB_KB3199641.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310809096"]}, {"type": "threatpost", "idList": ["THREATPOST:2C2827FBF9D900F4194802CE8C471B4C"]}]}, "exploitation": null, "vulnersScore": 6.5}, "kbList": ["KB3194720", "KB3194714", "KB3194725", "KB3194721", "KB3194718", "KB3194719", "KB3194724", "KB3194722"], "msrc": "", "mscve": "CVE-2016-7253", "msAffectedSoftware": [{"name": "Microsoft SQL Server 2014 Service Pack 2 for x64-based Systems (GDR)", "kbSupersedence": "", "kb": "KB3194714", "msplatform": "", "version": "", "operator": ""}, {"name": "Microsoft SQL Server 2014 Service Pack 2 for x64-based Systems (CU)", "kbSupersedence": "", "kb": "KB3194718", "msplatform": "", "version": "", "operator": ""}, {"name": "Microsoft SQL Server 2014 Service Pack 2 for 32-bit Systems (CU)", "kbSupersedence": "", "kb": "KB3194718", "msplatform": "", "version": "", "operator": ""}, {"name": "Microsoft SQL Server 2014 Service Pack 2 for 32-bit Systems (GDR)", "kbSupersedence": "", "kb": "KB3194714", "msplatform": "", "version": "", "operator": ""}, {"name": "Microsoft SQL Server 2014 Service Pack 1 for x64-based Systems (CU)", "kbSupersedence": "", "kb": "KB3194722", "msplatform": "", "version": "", "operator": ""}, {"name": "Microsoft SQL Server 2014 Service Pack 1 for x64-based Systems (GDR)", "kbSupersedence": "", "kb": 
"KB3194720", "msplatform": "", "version": "", "operator": ""}, {"name": "Microsoft SQL Server 2014 Service Pack 1 for 32-bit Systems (CU)", "kbSupersedence": "", "kb": "KB3194722", "msplatform": "", "version": "", "operator": ""}, {"name": "Microsoft SQL Server 2014 Service Pack 1 for 32-bit Systems (GDR)", "kbSupersedence": "", "kb": "KB3194720", "msplatform": "", "version": "", "operator": ""}, {"name": "Microsoft SQL Server 2012 for x64-based Systems Service Pack 3 (CU)", "kbSupersedence": "", "kb": "KB3194724", "msplatform": "", "version": "", "operator": ""}, {"name": "Microsoft SQL Server 2012 for x64-based Systems Service Pack 3 (GDR)", "kbSupersedence": "", "kb": "KB3194721", "msplatform": "", "version": "", "operator": ""}, {"name": "Microsoft SQL Server 2012 for x64-based Systems Service Pack 2 (CU)", "kbSupersedence": "", "kb": "KB3194725", "msplatform": "", "version": "", "operator": ""}, {"name": "Microsoft SQL Server 2012 for x64-based Systems Service Pack 2 (GDR)", "kbSupersedence": "", "kb": "KB3194719", "msplatform": "", "version": "", "operator": ""}, {"name": "Microsoft SQL Server 2012 for 32-bit Systems Service Pack 3 (CU)", "kbSupersedence": "", "kb": "KB3194724", "msplatform": "", "version": "", "operator": ""}, {"name": "Microsoft SQL Server 2012 for 32-bit Systems Service Pack 3 (GDR)", "kbSupersedence": "", "kb": "KB3194721", "msplatform": "", "version": "", "operator": ""}, {"name": "Microsoft SQL Server 2012 for 32-bit Systems Service Pack 2 (CU)", "kbSupersedence": "", "kb": "KB3194725", "msplatform": "", "version": "", "operator": ""}, {"name": "Microsoft SQL Server 2012 for 32-bit Systems Service Pack 2 (GDR)", "kbSupersedence": "", "kb": "KB3194719", "msplatform": "", "version": "", "operator": ""}], "vendorCvss": {"baseScore": "", "temporalScore": "", "vectorString": ""}, "_state": {"dependencies": 1647589307, "score": 0}}
{"symantec": [{"lastseen": "2021-06-08T19:04:50", "description": "### Description\n\nMicrosoft SQL Server is prone to a privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges.\n\n### Technologies Affected\n\n * Microsoft SQL Server 2012 for 32-bit Systems Service Pack 2 \n * Microsoft SQL Server 2012 for 32-bit Systems Service Pack 3 \n * Microsoft SQL Server 2012 for x64-based Systems Service Pack 2 \n * Microsoft SQL Server 2012 for x64-based Systems Service Pack 3 \n * Microsoft SQL Server 2014 for 32-bit Systems Service Pack 1 \n * Microsoft SQL Server 2014 for 32-bit Systems Service Pack 2 \n * Microsoft SQL Server 2014 for x64-based Systems Service Pack 1 \n * Microsoft SQL Server 2014 for x64-based Systems Service Pack 2 \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits\n\n**Implement multiple redundant layers of security.** \nMemory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. 
Please see the references or vendor advisory for more information.\n", "edition": 2, "cvss3": {}, "published": "2016-11-08T00:00:00", "type": "symantec", "title": "Microsoft SQL Server CVE-2016-7253 Privilege Escalation Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2016-7253"], "modified": "2016-11-08T00:00:00", "id": "SMNTC-94056", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/94056", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cve": [{"lastseen": "2022-03-23T15:11:37", "description": "The agent in Microsoft SQL Server 2012 SP2, 2012 SP3, 2014 SP1, 2014 SP2, and 2016 does not properly check the atxcore.dll ACL, which allows remote authenticated users to gain privileges via unspecified vectors, aka \"SQL Server Agent Elevation of Privilege Vulnerability.\"", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-11-10T07:00:00", "type": "cve", "title": "CVE-2016-7253", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7253"], "modified": 
"2018-10-12T22:14:00", "cpe": ["cpe:/a:microsoft:sql_server:2012", "cpe:/a:microsoft:sql_server:2014"], "id": "CVE-2016-7253", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7253", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:microsoft:sql_server:2014:sp1:*:*:*:*:*:*", "cpe:2.3:a:microsoft:sql_server:2012:sp3:*:*:*:*:*:*", "cpe:2.3:a:microsoft:sql_server:2012:sp2:*:*:*:*:*:*", "cpe:2.3:a:microsoft:sql_server:2014:sp2:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-08-19T12:38:40", "description": "The remote host is running a version of Microsoft SQL Server 2012 SP2 11.0.5058.0 through 11.0.5387.0 and is affected by multiple privilege escalation vulnerabilities :\n\n - A flaw exists in the SQL Server Agent that is triggered as ACLs on 'atxcore.dll' are not properly checked. This may allow an authenticated attacker to gain elevated privileges. (CVE-2016-7253)\n - A flaw exsts in the RDBMS engine that is triggered during the handling of pointer casting. This may allow an authenticated attacker to gain elevated privileges. 
(CVE-2016-7254)", "cvss3": {"score": 6.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}, "published": "2016-12-12T00:00:00", "type": "nessus", "title": "Microsoft SQL Server 2012 SP2 11.0.5058.0 through 11.0.5387.0 Multiple Privilege Escalation (3194719)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7253", "CVE-2016-7254"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:microsoft:sql_server:2012:sp2:*:*:*:*:*:*"], "id": "9810.PRM", "href": "https://www.tenable.com/plugins/nnm/9810", "sourceData": "Binary data 9810.prm", "cvss": {"score": 6.5, "vector": "CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:40", "description": "The remote host is running a version of Microsoft SQL Server 2012 SP3 11.0.6020.0 through 11.0.6247.0 and is affected by multiple privilege escalation vulnerabilities :\n\n - A flaw exists in the SQL Server Agent that is triggered as ACLs on 'atxcore.dll' are not properly checked. This may allow an authenticated attacker to gain elevated privileges. (CVE-2016-7253)\n - A flaw exists in the RDBMS engine that is triggered during the handling of pointer casting. This may allow an authenticated attacker to gain elevated privileges. (CVE-2016-7254)", "cvss3": {"score": 6.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}, "published": "2016-12-12T00:00:00", "type": "nessus", "title": "Microsoft SQL Server 2012 SP3 11.0.6020.0 through 11.0.6247.0 Multiple Privilege Escalation (3194721)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7253", "CVE-2016-7254"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:microsoft:sql_server:2012:sp3:*:*:*:*:*:*"], "id": "9811.PRM", "href": "https://www.tenable.com/plugins/nnm/9811", "sourceData": "Binary data 9811.prm", "cvss": {"score": 6.5, "vector": "CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:09:29", "description": "The remote Microsoft SQL Server is missing a security update. 
It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple elevation of privilege vulnerabilities exist in the SQL RDBMS Engine due to improper handling of pointer casting. An authenticated, remote attacker can exploit these to gain elevated privileges.\n (CVE-2016-7249, CVE-2016-7250, CVE-2016-7254)\n\n - A cross-site scripting (XSS) vulnerability exists in the SQL server MDS API due to improper validation of a request parameter on the SQL server site. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary code in the user's browser session. (CVE-2016-7251)\n\n - An information disclosure vulnerability exists in Microsoft SQL Analysis Services due to improper validation of the FILESTREAM path. An authenticated, remote attacker can exploit this to disclose sensitive database and file information. (CVE-2016-7252)\n\n - An elevation of privilege vulnerability exists in the Microsoft SQL Server Engine due to improper checking by the SQL Server Agent of ACLs on atxcore.dll. An authenticated, remote attacker can exploit this to gain elevated privileges. 
(CVE-2016-7253)", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-11-08T00:00:00", "type": "nessus", "title": "MS16-136: Security Update for SQL Server (3199641)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7249", "CVE-2016-7250", "CVE-2016-7251", "CVE-2016-7252", "CVE-2016-7253", "CVE-2016-7254"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:microsoft:sql_server"], "id": "SMB_NT_MS16-136.NASL", "href": "https://www.tenable.com/plugins/nessus/94637", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94637);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2016-7249\",\n \"CVE-2016-7250\",\n \"CVE-2016-7251\",\n \"CVE-2016-7252\",\n \"CVE-2016-7253\",\n \"CVE-2016-7254\"\n );\n script_bugtraq_id(\n 94037,\n 94043,\n 94050,\n 94056,\n 94060,\n 94061\n );\n script_xref(name:\"MSFT\", value:\"MS16-136\");\n script_xref(name:\"MSKB\", value:\"3194714\");\n script_xref(name:\"MSKB\", value:\"3194716\");\n script_xref(name:\"MSKB\", value:\"3194717\");\n script_xref(name:\"MSKB\", value:\"3194718\");\n script_xref(name:\"MSKB\", value:\"3194719\");\n script_xref(name:\"MSKB\", value:\"3194720\");\n script_xref(name:\"MSKB\", value:\"3194721\");\n script_xref(name:\"MSKB\", value:\"3194722\");\n script_xref(name:\"MSKB\", value:\"3194724\");\n script_xref(name:\"MSKB\", value:\"3194725\");\n\n script_name(english:\"MS16-136: Security Update for SQL Server (3199641)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SQL server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Microsoft SQL Server is missing a security update. 
It is,\ntherefore, affected by multiple vulnerabilities :\n\n - Multiple elevation of privilege vulnerabilities exist\n in the SQL RDBMS Engine due to improper handling of\n pointer casting. An authenticated, remote attacker can\n exploit these to gain elevated privileges.\n (CVE-2016-7249, CVE-2016-7250, CVE-2016-7254)\n\n - A cross-site scripting (XSS) vulnerability exists in\n the SQL server MDS API due to improper validation of a\n request parameter on the SQL server site. An\n unauthenticated, remote attacker can exploit this, via\n a specially crafted request, to execute arbitrary code\n in the user's browser session. (CVE-2016-7251)\n\n - An information disclosure vulnerability exists in\n Microsoft SQL Analysis Services due to improper\n validation of the FILESTREAM path. An authenticated,\n remote attacker can exploit this to disclose sensitive\n database and file information. (CVE-2016-7252)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft SQL Server Engine due to improper checking by\n the SQL Server Agent of ACLs on atxcore.dll. An\n authenticated, remote attacker can exploit this to gain\n elevated privileges. 
(CVE-2016-7253)\");\n # https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-136\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7fef1e99\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for SQL Server 2012, 2014, and\n2016.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-7254\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:sql_server\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"mssql_version.nasl\", \"smb_enum_services.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, 1433, \"Services/mssql\", \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS16-136';\nkbs = make_list(\n \"3194714\",\n \"3194716\",\n \"3194717\",\n \"3194718\",\n \"3194719\",\n \"3194720\",\n \"3194721\",\n \"3194722\",\n \"3194724\",\n \"3194725\"\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nver_list = get_kb_list(\"mssql/installs/*/SQLVersion\");\n\nif (isnull(ver_list)) audit(AUDIT_NOT_INST, \"Microsoft SQL Server\");\n\n# Database Services Core Instance\nforeach item (keys(ver_list))\n{\n item -= 'mssql/installs/';\n item -= '/SQLVersion';\n sqlpath = item;\n\n share = hotfix_path2share(path:sqlpath);\n if (!is_accessible_share(share:share)) continue;\n\n version = get_kb_item(\"mssql/installs/\" + sqlpath + \"/SQLVersion\");\n\n # continue if not SQL Server 2012, 2014, or 2016\n if (version !~ \"^11\\.0\\.\" && version !~ \"^12\\.0\\.\" && version !~ \"^13\\.0\\.\") continue;\n\n sqltype = get_kb_item(\"mssql/installs/\" + sqlpath + \"/edition_type\");\n if (isnull(sqltype)) sqltype = get_kb_item(\"mssql/installs/\" + sqlpath + \"/edition\");\n\n if (\n sqlpath &&\n # 2012 SP2 GDR\n hotfix_is_vulnerable(path:sqlpath, file:\"sqlservr.exe\", version:\"2011.110.5388.0\", min_version:\"2011.110.5058.0\", bulletin:bulletin, kb:'3194719') ||\n # 2012 SP2 CU\n 
hotfix_is_vulnerable(path:sqlpath, file:\"sqlservr.exe\", version:\"2011.110.5676.0\", min_version:\"2011.110.5500.0\", bulletin:bulletin, kb:'3194725') ||\n # 2012 SP3 GDR\n hotfix_is_vulnerable(path:sqlpath, file:\"sqlservr.exe\", version:\"2011.110.6248.0\", min_version:\"2011.110.6020.0\", bulletin:bulletin, kb:'3194721') ||\n # 2012 SP3 CU\n hotfix_is_vulnerable(path:sqlpath, file:\"sqlservr.exe\", version:\"2011.110.6567.0\", min_version:\"2011.110.6300.0\", bulletin:bulletin, kb:'3194724') ||\n # 2014 SP1 GDR\n hotfix_is_vulnerable(path:sqlpath, file:\"sqlservr.exe\", version:\"2014.120.4232.0\", min_version:\"2014.120.4100.0\", bulletin:bulletin, kb:'3194720') ||\n # 2014 SP1 CU\n hotfix_is_vulnerable(path:sqlpath, file:\"sqlservr.exe\", version:\"2014.120.4487.0\", min_version:\"2014.120.4400.0\", bulletin:bulletin, kb:'3194722') ||\n # 2014 SP2 GDR\n hotfix_is_vulnerable(path:sqlpath, file:\"sqlservr.exe\", version:\"2014.120.5203.0\", min_version:\"2014.120.5000.0\", bulletin:bulletin, kb:'3194714') ||\n # 2014 SP2 CU\n hotfix_is_vulnerable(path:sqlpath, file:\"sqlservr.exe\", version:\"2014.120.5532.0\", min_version:\"2014.120.5400.0\", bulletin:bulletin, kb:'3194718') ||\n # 2016 GDR\n hotfix_is_vulnerable(path:sqlpath, file:\"sqlservr.exe\", version:\"2015.130.1722.0\", min_version:\"2015.130.1601.5\", bulletin:bulletin, kb:'3194716') ||\n # 2016 CU\n hotfix_is_vulnerable(path:sqlpath, file:\"sqlservr.exe\", version:\"2015.130.2186.6\", min_version:\"2015.130.2100.0\", bulletin:bulletin, kb:'3194717')\n )\n {\n vuln++;\n }\n}\nhotfix_check_fversion_end();\n\nif (vuln)\n{\n set_kb_item(name:'www/0/XSS', value:TRUE); # CVE-2016-7251\n set_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n hotfix_security_warning();\n exit(0);\n}\naudit(AUDIT_HOST_NOT, 'affected');\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:29:59", "description": "The remote Microsoft SQL Server is missing a security update. 
It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple elevation of privilege vulnerabilities exist in the SQL RDBMS Engine due to improper handling of pointer casting. An authenticated, remote attacker can exploit these to gain elevated privileges.\n (CVE-2016-7249, CVE-2016-7250, CVE-2016-7254)\n\n - A cross-site scripting (XSS) vulnerability exists in the SQL server MDS API due to improper validation of a request parameter on the SQL server site. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary code in the user's browser session. (CVE-2016-7251)\n\n - An information disclosure vulnerability exists in Microsoft SQL Analysis Services due to improper validation of the FILESTREAM path. An authenticated, remote attacker can exploit this to disclose sensitive database and file information. (CVE-2016-7252)\n\n - An elevation of privilege vulnerability exists in the Microsoft SQL Server Engine due to improper checking by the SQL Server Agent of ACLs on atxcore.dll. An authenticated, remote attacker can exploit this to gain elevated privileges. 
(CVE-2016-7253)", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-28T00:00:00", "type": "nessus", "title": "MS16-136: Security Update for SQL Server (3199641) (uncredentialed check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7249", "CVE-2016-7250", "CVE-2016-7251", "CVE-2016-7252", "CVE-2016-7253", "CVE-2016-7254"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:microsoft:sql_server"], "id": "SMB_KB3199641.NASL", "href": "https://www.tenable.com/plugins/nessus/122484", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122484);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2016-7249\",\n \"CVE-2016-7250\",\n \"CVE-2016-7251\",\n \"CVE-2016-7252\",\n \"CVE-2016-7253\",\n \"CVE-2016-7254\"\n );\n script_bugtraq_id(\n 94037,\n 94043,\n 94050,\n 94056,\n 94060,\n 94061\n );\n script_xref(name:\"MSFT\", value:\"MS16-136\");\n script_xref(name:\"MSKB\", value:\"3194714\");\n script_xref(name:\"MSKB\", value:\"3194716\");\n script_xref(name:\"MSKB\", value:\"3194717\");\n script_xref(name:\"MSKB\", value:\"3194718\");\n script_xref(name:\"MSKB\", value:\"3194719\");\n script_xref(name:\"MSKB\", value:\"3194720\");\n script_xref(name:\"MSKB\", value:\"3194721\");\n script_xref(name:\"MSKB\", value:\"3194722\");\n script_xref(name:\"MSKB\", value:\"3194724\");\n script_xref(name:\"MSKB\", value:\"3194725\");\n\n script_name(english:\"MS16-136: Security Update for SQL Server (3199641) (uncredentialed check)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SQL server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Microsoft SQL Server is missing a security update. 
It is,\ntherefore, affected by multiple vulnerabilities :\n\n - Multiple elevation of privilege vulnerabilities exist\n in the SQL RDBMS Engine due to improper handling of\n pointer casting. An authenticated, remote attacker can\n exploit these to gain elevated privileges.\n (CVE-2016-7249, CVE-2016-7250, CVE-2016-7254)\n\n - A cross-site scripting (XSS) vulnerability exists in\n the SQL server MDS API due to improper validation of a\n request parameter on the SQL server site. An\n unauthenticated, remote attacker can exploit this, via\n a specially crafted request, to execute arbitrary code\n in the user's browser session. (CVE-2016-7251)\n\n - An information disclosure vulnerability exists in\n Microsoft SQL Analysis Services due to improper\n validation of the FILESTREAM path. An authenticated,\n remote attacker can exploit this to disclose sensitive\n database and file information. (CVE-2016-7252)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft SQL Server Engine due to improper checking by\n the SQL Server Agent of ACLs on atxcore.dll. An\n authenticated, remote attacker can exploit this to gain\n elevated privileges. 
(CVE-2016-7253)\");\n # https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-136\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7fef1e99\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for SQL Server 2012, 2014, and\n2016.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-7254\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/28\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:sql_server\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"mssqlserver_detect.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(1433, \"Services/mssql\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (report_paranoia < 2)\n audit(AUDIT_PARANOID);\n\nport = get_service(svc:\"mssql\", exit_on_fail:TRUE);\ninstance = get_kb_item(\"MSSQL/\" + port + \"/InstanceName\");\nversion = get_kb_item_or_exit(\"MSSQL/\" + port + \"/Version\");\n\nver = pregmatch(pattern:\"^([0-9.]+)([^0-9]|$)\", string:version);\nif(!isnull(ver) && !isnull(ver[1])) ver = ver[1];\n\nif (\n ver_compare(minver:\"11.0.5058.0\", ver:ver, fix:\"11.0.5388.0\", strict:FALSE) < 0 || # 2012 SP2 GDR\n ver_compare(minver:\"11.0.5500.0\", ver:ver, fix:\"11.0.5676.0\", strict:FALSE) < 0 || # 2012 SP2 CU\n ver_compare(minver:\"11.0.6020.0\", ver:ver, fix:\"11.0.6248.0\", strict:FALSE) < 0 || # 2012 SP3 GDR\n ver_compare(minver:\"11.0.6300.0\", ver:ver, fix:\"11.0.6567.0\", strict:FALSE) < 0 || # 2012 SP3 CU\n ver_compare(minver:\"12.0.4100.0\", ver:ver, fix:\"12.0.4232.0\", strict:FALSE) < 0 || # 2014 SP1 GDR\n ver_compare(minver:\"12.0.4400.0\", ver:ver, fix:\"12.0.4487.0\", strict:FALSE) < 0 || # 2014 SP1 CU\n ver_compare(minver:\"12.0.5000.0\", ver:ver, fix:\"12.0.5203.0\", strict:FALSE) < 0 || # 2014 SP2 GDR\n ver_compare(minver:\"12.0.5400.0\", ver:ver, fix:\"12.0.5532.0\", strict:FALSE) < 0 || # 2014 SP2 CU\n ver_compare(minver:\"13.0.1601.0\", ver:ver, fix:\"13.0.1722.0\", strict:FALSE) < 0 || # 2016 GDR\n ver_compare(minver:\"13.0.2100.0\", ver:ver, fix:\"13.0.2186.0\", strict:FALSE) < 0 # 2016 CU\n)\n{\n report = '';\n if(!empty_or_null(version)) report += '\\n SQL Server Version : ' + version;\n if(!empty_or_null(instance)) report += '\\n SQL Server Instance : ' + instance;\n security_report_v4(port:port, extra:report, severity:SECURITY_WARNING);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"MSSQL\", 
version);\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "mskb": [{"lastseen": "2021-01-01T22:50:55", "description": "<html><body><p>Resolves vulnerabilities in Microsoft SQL Server that could allow an attacker to gain elevated privileges that might be used to create accounts, or view, change, or delete data.</p><h2>Summary</h2><div class=\"kb-summary-section section\">This update resolves vulnerabilities in Microsoft SQL Server. The most severe vulnerabilities could allow an attacker to gain elevated privileges that might be used to create accounts, or view, change, or delete data. To learn more about these vulnerabilities, see <a href=\"https://technet.microsoft.com/library/security/ms16-136\" id=\"kb-link-2\" target=\"_self\">Microsoft Security Bulletin MS16-136</a>.<br/><br/><br/><span></span></div><h2></h2><div class=\"kb-moreinformation-section section\"><h3 class=\"sbody-h3\">Additional information about this security update</h3>The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. 
If this is the case, the known issue is listed below each article link.<ul class=\"sbody-free_list\"><li><a href=\"https://support.microsoft.com/en-us/help/3194716\" id=\"kb-link-3\">3194716 </a> MS16-136: Description of the security update for SQL Server 2016 GDR: November 8, 2016</li><li><a href=\"https://support.microsoft.com/en-us/help/3194717\" id=\"kb-link-4\">3194717 </a> MS16-136: Description of the security update for SQL Server 2016 CU: November 8, 2016</li><li><a href=\"https://support.microsoft.com/en-us/help/3194714\" id=\"kb-link-5\">3194714 </a> MS16-136: Description of the security update for SQL Server 2014 Service Pack 2 GDR: November 8, 2016</li><li><a href=\"https://support.microsoft.com/en-us/help/3194718\" id=\"kb-link-6\">3194718 </a> MS16-136: Description of the security update for SQL Server 2014 Service Pack 2 CU: November 8, 2016</li><li><a href=\"https://support.microsoft.com/en-us/help/3194720\" id=\"kb-link-7\">3194720 </a> MS16-136: Description of the security update for SQL Server 2014 Service Pack 1 GDR: November 8, 2016</li><li><a href=\"https://support.microsoft.com/en-us/help/3194722\" id=\"kb-link-8\">3194722 </a> MS16-136: Description of the security update for SQL Server 2014 Service Pack 1 CU: November 8, 2016</li><li><a href=\"https://support.microsoft.com/en-us/help/3194721\" id=\"kb-link-9\">3194721 </a> MS16-136: Description of the security update for SQL Server 2012 Service Pack 3 GDR: November 8, 2016</li><li><a href=\"https://support.microsoft.com/en-us/help/3194724\" id=\"kb-link-10\">3194724 </a> MS16-136: Description of the security update for SQL Server 2012 Service Pack 3 CU: November 8, 2016</li><li><a href=\"https://support.microsoft.com/en-us/help/3194719\" id=\"kb-link-11\">3194719 </a> MS16-136: Description of the security update for SQL Server 2012 Service Pack 2 GDR: November 8, 2016</li><li><a href=\"https://support.microsoft.com/en-us/help/3194725\" id=\"kb-link-12\">3194725 </a> MS16-136: Description of 
the security update for SQL Server 2012 Service Pack 2 CU: November 8, 2016</li></ul></div><h2></h2><div class=\"kb-summary-section section\"><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">Security update deployment information</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\"><h4 class=\"sbody-h4\">SQL Server 2012 Service Pack 2</h4><div class=\"kb-collapsible kb-collapsible-collapsed\"><span class=\"text-base\">Reference table</span><br/><br/>The following table contains the security update information for this software. <br/><br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file names</span></td><td class=\"sbody-td\">For GDR update of SQL Server 2012 Service Pack 2 for 32-bit Systems:<br/><span class=\"text-base\">SQLServer2012-KB3194719-x86.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For GDR update of SQL Server 2012 Service Pack 2 for x64-based Systems:<br/><span class=\"text-base\">SQLServer2012-KB3194719-x64.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For CU update of SQL Server 2012 Service Pack 2 for 32-bit Systems:<br/><span class=\"text-base\">SQLServer2012-KB</span><span class=\"text-base\">3194725-x86.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For CU update of SQL Server 2012 Service Pack 2 for x64-based Systems:<br/><span class=\"text-base\">SQLServer2012-KB</span><span class=\"text-base\">3194725-x64.exe</span></td></tr><tr class=\"sbody-tr\"><td 
class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-14\" target=\"_self\">Microsoft Knowledge Base article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Update log file</span></td><td class=\"sbody-td\">%programfiles%\\Microsoft SQL Server\\110\\Setup Bootstrap\\LOG\\<TimeStamp>\\MSSQLServer\\Summary_<MachineName>_<Timestamp>.txt</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Special instructions</span></td><td class=\"sbody-td\">This update is also offered to SQL Server 2012 Service Pack 2 (SP2) instances that are clustered.<br/><br/>To reduce downtime if your SQL Server 2012 SP2 cluster has a passive node, Microsoft recommends that you scan and apply the update to the inactive node first, and then scan and apply it to the active node. After all components are updated on all nodes, the update will no longer be offered.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">A restart of the SQL Server instance is required if files are in use.<br/><br/>If a restart is required, the installer prompts or returns exit code 3010.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">Use <strong class=\"uiterm\">Add or Remove Programs</strong> in Control Panel.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">For GDR update of SQL Server 2012 Service Pack 2:<br/>See <a href=\"https://support.microsoft.com/help/3194719\" id=\"kb-link-15\" target=\"_self\">Microsoft Knowledge Base article 3194719</a><br/><br/>For CU update of SQL Server 2012 Service Pack 2:<br/>See <a href=\"https://support.microsoft.com/help/3194725\" id=\"kb-link-16\" 
target=\"_self\">Microsoft Knowledge Base Article 3194725</a></td></tr></table></div><h4 class=\"sbody-h4\">SQL Server 2012 Service Pack 3</h4><div class=\"kb-collapsible kb-collapsible-collapsed\"><span class=\"text-base\">Reference table</span><br/><br/>The following table contains the security update information for this software. <br/><br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file names</span></td><td class=\"sbody-td\">For GDR update of SQL Server 2012 Service Pack 3 for 32-bit Systems:<br/><span class=\"text-base\">SQLServer2012-KB3194721-x86.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For GDR update of SQL Server 2012 Service Pack 3 for x64-based Systems:<br/><span class=\"text-base\">SQLServer2012-KB3194721-x64.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For CU update of SQL Server 2012 Service Pack 3 for 32-bit Systems:<br/><span class=\"text-base\">SQLServer2012-KB</span><span class=\"text-base\">3194724-x86.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For CU update of SQL Server 2012 Service Pack 3 for x64-based Systems:<br/><span class=\"text-base\">SQLServer2012-KB</span><span class=\"text-base\">3194724-x64.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-17\" target=\"_self\">Microsoft Knowledge Base article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Update log file</span></td><td class=\"sbody-td\">%programfiles%\\Microsoft SQL Server\\110\\Setup Bootstrap\\LOG\\<TimeStamp>\\MSSQLServer\\Summary_<MachineName>_<Timestamp>.txt</td></tr><tr class=\"sbody-tr\"><td 
class=\"sbody-td\"><span class=\"text-base\">Special instructions</span></td><td class=\"sbody-td\">This update is also offered to SQL Server 2012 Service Pack\u00a03 (SP3) instances that are clustered.<br/><br/>To reduce downtime if your SQL Server 2012 SP3 cluster has a passive node, Microsoft recommends that you scan and apply the update to the inactive node first, and then scan and apply it to the active node. After all components are updated on all nodes, the update will no longer be offered.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">A restart of the SQL Server instance is required if files are in use.<br/><br/>If a restart is required, the installer prompts or returns exit code 3010.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">Use <strong class=\"uiterm\">Add or Remove Programs</strong> in Control Panel.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">For GDR update of SQL Server 2012 Service Pack 3:<br/>See <a href=\"https://support.microsoft.com/help/3194721\" id=\"kb-link-18\" target=\"_self\">Microsoft Knowledge Base article 3194721</a><br/><br/>For CU update of SQL Server 2012 Service Pack 3:<br/>See <a href=\"https://support.microsoft.com/help/3194724\" id=\"kb-link-19\" target=\"_self\">Microsoft Knowledge Base article 3194724</a></td></tr></table></div><h4 class=\"sbody-h4\">SQL Server 2014 Service Pack 1</h4><div class=\"kb-collapsible kb-collapsible-collapsed\"><span class=\"text-base\">Reference table</span><br/><br/>The following table contains the security update information for this software. 
<br/><br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file names</span></td><td class=\"sbody-td\">For GDR update of SQL Server 2012 Service Pack 1 for 32-bit Systems:<br/><span class=\"text-base\">SQLServer2014-KB3194720-x64.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For GDR update of SQL Server 2012 Service Pack 1 for x64-based Systems:<br/><span class=\"text-base\">SQLServer2014-KB3194720-x64.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For CU update of SQL Server 2012 Service Pack 1 for 32-bit Systems:<br/><span class=\"text-base\">SQLServer2014-KB3194722-x64.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For CU update of SQL Server 2012 Service Pack 1 for x64-based Systems:<br/><span class=\"text-base\">SQLServer2014-KB3194722-x64.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-20\" target=\"_self\">Microsoft Knowledge Base article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Update log file</span></td><td class=\"sbody-td\">%programfiles%\\Microsoft SQL Server\\120\\Setup Bootstrap\\LOG\\<TimeStamp>\\MSSQLServer\\Summary_<MachineName>_<Timestamp>.txt</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Special instructions</span></td><td class=\"sbody-td\">This update is also offered to SQL Server 2014 Service Pack 1 (SP1) instances that are clustered.<br/><br/>To reduce downtime if your SQL Server 2014 SP1 cluster has a passive node, Microsoft recommends that you scan and apply the update to the inactive node first, and then scan and apply it to the active node. 
After all components are updated on all nodes, the update will no longer be offered.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">A restart of the SQL Server instance is required if files are in use.<br/><br/>If a restart is required, the installer prompts or returns exit code 3010.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">Use <strong class=\"uiterm\">Add or Remove Programs</strong> in Control Panel.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">For GDR update of SQL Server 2014 Service Pack 1:<br/>See <a href=\"https://support.microsoft.com/help/3194720\" id=\"kb-link-21\" target=\"_self\">Microsoft Knowledge Base article 3194720</a><br/><br/>For CU update of SQL Server 2014 Service Pack 1:<br/>See <a href=\"https://support.microsoft.com/help/3194722\" id=\"kb-link-22\" target=\"_self\">Microsoft Knowledge Base article 3194722</a></td></tr></table></div><h4 class=\"sbody-h4\">SQL Server 2014 Service Pack 2</h4><div class=\"kb-collapsible kb-collapsible-collapsed\"><span class=\"text-base\">Reference table</span><br/><br/>The following table contains the security update information for this software. 
<br/><br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file names</span></td><td class=\"sbody-td\">For GDR update of SQL Server 2012 Service Pack 2 for 32-bit Systems:<br/><span class=\"text-base\">SQLServer2014-KB3194714-x64.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For GDR update of SQL Server 2012 Service Pack 2 for x64-based Systems:<br/><span class=\"text-base\">SQLServer2014-KB3194714-x64.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For CU update of SQL Server 2012 Service Pack 2 for 32-bit Systems:<br/><span class=\"text-base\">SQLServer2014-KB3194718-x64.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For CU update of SQL Server 2012 Service Pack 2 for x64-based Systems:<br/><span class=\"text-base\">SQLServer2014-KB3194718-x64.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-23\" target=\"_self\">Microsoft Knowledge Base article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Update log file</span></td><td class=\"sbody-td\">%programfiles%\\Microsoft SQL Server\\120\\Setup Bootstrap\\LOG\\<TimeStamp>\\MSSQLServer\\Summary_<MachineName>_<Timestamp>.txt</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Special instructions</span></td><td class=\"sbody-td\">This update is also offered to SQL Server 2014 Service Pack 2 (SP2) instances that are clustered.<br/><br/>To reduce downtime if your SQL Server 2014 SP2 cluster has a passive node, Microsoft recommends that you scan and apply the update to the inactive node first, and then scan and apply it to the active node. 
After all components are updated on all nodes, the update will no longer be offered.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">A restart of the SQL Server instance is required if files are in use.<br/><br/>If a restart is required, the installer prompts or returns exit code 3010.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">Use <strong class=\"uiterm\">Add or Remove Programs</strong> in Control Panel.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">For GDR update of SQL Server 2012 Service Pack 2:<br/>See <a href=\"https://support.microsoft.com/help/3194714\" id=\"kb-link-24\" target=\"_self\">Microsoft Knowledge Base article 3194714</a><br/><br/>For CU update of SQL Server 2012 Service Pack 2:<br/>See <a href=\"https://support.microsoft.com/help/3194718\" id=\"kb-link-25\" target=\"_self\">Microsoft Knowledge Base article 3194718</a></td></tr></table></div><h4 class=\"sbody-h4\">SQL Server 2016</h4><div class=\"kb-collapsible kb-collapsible-collapsed\"><span class=\"text-base\">Reference table</span><br/><br/>The following table contains the security update information for this software.<br/><br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file names</span></td><td class=\"sbody-td\">For GDR update of SQL Server 2016 for 32-bit Systems:<br/><span class=\"text-base\">SQLServer2016-KB3194716-x64.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For GDR update of SQL Server 2016 for x64-based Systems:<br/><span class=\"text-base\">SQLServer2016-KB3194716-x64.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td 
class=\"sbody-td\">For CU update of SQL Server 2016 for 32-bit Systems:<br/><span class=\"text-base\">SQLServer2016-KB3194717-x64.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For CU update of SQL Server 2016 for x64-based Systems:<br/><span class=\"text-base\">SQLServer2016-KB3194717-x64.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-26\" target=\"_self\">Microsoft Knowledge Base article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Update log file</span></td><td class=\"sbody-td\">%programfiles%\\Microsoft SQL Server\\130\\Setup Bootstrap\\LOG\\<TimeStamp>\\MSSQLServer\\Summary_<MachineName>_<Timestamp>.txt</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Special instructions</span></td><td class=\"sbody-td\">This update is also offered to SQL Server 2016 instances that are clustered.<br/><br/>To reduce downtime if your SQL Server 2016 cluster has a passive node, Microsoft recommends that you scan and apply the update to the inactive node first, and then scan and apply it to the active node. 
After all components are updated on all nodes, the update will no longer be offered.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">A restart of the SQL Server instance is required if files are in use.<br/><br/>If a restart is required, the installer prompts or returns exit code 3010.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">Use <strong class=\"uiterm\">Add or Remove Programs</strong> in Control Panel.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">For GDR update of SQL Server 2016:<br/>See <a href=\"https://support.microsoft.com/help/3194716\" id=\"kb-link-27\" target=\"_self\">Microsoft Knowledge Base article 3194716</a><br/><br/>For CU update of SQL Server 2016:<br/>See <a href=\"https://support.microsoft.com/help/3194717\" id=\"kb-link-28\" target=\"_self\">Microsoft Knowledge Base article 3194717</a></td></tr></table></div></div><br/></div></div></div></div></div></span></div></div></div><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">How to obtain help and support for this security update</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\">Help for installing updates: <a href=\"https://support.microsoft.com/ph/6527\" id=\"kb-link-29\" target=\"_self\">Support for Microsoft Update</a><br/><br/>Security solutions for IT professionals: <a href=\"https://technet.microsoft.com/security/bb980617.aspx\" id=\"kb-link-30\" target=\"_self\">TechNet Security Troubleshooting 
and Support</a><br/><br/>Help for protecting your Windows-based computer from viruses and malware: <a href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" id=\"kb-link-31\" target=\"_self\">Virus Solution and Security Center</a><br/><br/>Local support according to your country: <a href=\"https://support.microsoft.com/\" id=\"kb-link-32\" target=\"_self\">International Support</a></div><br/></span></div></div></div></div></body></html>", "edition": 2, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-11-08T00:00:00", "type": "mskb", "title": "MS16-136: Security update for SQL Server: November 8, 2016", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7254", "CVE-2016-7249", "CVE-2016-7250", "CVE-2016-7251", "CVE-2016-7253", "CVE-2016-7252"], "modified": "2016-11-08T16:46:32", "id": "KB3199641", "href": "https://support.microsoft.com/en-us/help/3199641/", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "kaspersky": [{"lastseen": "2021-08-18T11:19:48", "description": "### *Detect date*:\n11/08/2016\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple 
serious vulnerabilities have been found in Microsoft SQL Server. Malicious users can exploit these vulnerabilities to gain privileges or obtain sensitive information.\n\n### *Affected products*:\nMicrosoft SQL Server 2012 Service Pack 2 \nMicrosoft SQL Server 2012 Service Pack 3 \nMicrosoft SQL Server 2014 Service Pack 1 \nMicrosoft SQL Server 2014 Service Pack 2 \nMicrosoft SQL Server 2016\n\n### *Solution*:\nInstall the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel)\n\n### *Original advisories*:\n[MS16-136](<https://technet.microsoft.com/en-us/library/security/ms16-136.aspx>) \n[CVE-2016-7254](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7254>) \n[CVE-2016-7253](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7253>) \n[CVE-2016-7252](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7252>) \n[CVE-2016-7251](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7251>) \n[CVE-2016-7250](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7250>) \n[CVE-2016-7249](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7249>) \n\n\n### *Impacts*:\nOSI \n\n### *Related products*:\n[Microsoft SQL Server](<https://threats.kaspersky.com/en/product/Microsoft-SQL-Server/>)\n\n### *CVE-IDS*:\n[CVE-2016-7254](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7254>)6.5High \n[CVE-2016-7253](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7253>)6.5High \n[CVE-2016-7252](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7252>)4.0Warning \n[CVE-2016-7251](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7251>)4.3Warning \n[CVE-2016-7250](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7250>)6.5High \n[CVE-2016-7249](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7249>)6.5High\n\n### 
*Microsoft official advisories*:\n\n\n### *KB list*:\n[3194718](<http://support.microsoft.com/kb/3194718>) \n[3194724](<http://support.microsoft.com/kb/3194724>) \n[3194725](<http://support.microsoft.com/kb/3194725>) \n[3194720](<http://support.microsoft.com/kb/3194720>) \n[3194722](<http://support.microsoft.com/kb/3194722>) \n[3194714](<http://support.microsoft.com/kb/3194714>) \n[3194719](<http://support.microsoft.com/kb/3194719>) \n[3194717](<http://support.microsoft.com/kb/3194717>) \n[3194716](<http://support.microsoft.com/kb/3194716>) \n[3194721](<http://support.microsoft.com/kb/3194721>)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-11-08T00:00:00", "type": "kaspersky", "title": "KLA10901 Multiple vulnerabilities in Microsoft SQL Server", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7249", "CVE-2016-7250", "CVE-2016-7251", "CVE-2016-7252", "CVE-2016-7253", "CVE-2016-7254"], "modified": "2020-06-03T00:00:00", "id": "KLA10901", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10901/", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "openvas": 
[{"lastseen": "2020-01-08T13:56:49", "description": "This host is missing an important\n security update according to Microsoft Bulletin MS16-136.", "cvss3": {}, "published": "2016-11-14T00:00:00", "type": "openvas", "title": "Microsoft SQL Server Multiple Vulnerabilities (3199641)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7249", "CVE-2016-7250", "CVE-2016-7254", "CVE-2016-7251", "CVE-2016-7253", "CVE-2016-7252"], "modified": "2019-12-20T00:00:00", "id": "OPENVAS:1361412562310809096", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809096", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft SQL Server Multiple Vulnerabilities (3199641)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:microsoft:sql_server\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809096\");\n script_version(\"2019-12-20T12:42:55+0000\");\n script_cve_id(\"CVE-2016-7249\", \"CVE-2016-7250\", \"CVE-2016-7251\", \"CVE-2016-7252\",\n \"CVE-2016-7253\", \"CVE-2016-7254\");\n script_bugtraq_id(94037, 94060, 94043, 94050, 94061, 94056);\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 12:42:55 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-11-14 15:30:37 +0530 (Mon, 14 Nov 2016)\");\n script_name(\"Microsoft SQL Server Multiple Vulnerabilities (3199641)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important\n security update according to Microsoft Bulletin MS16-136.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to:\n\n - The Microsoft SQL Server improperly handles pointer casting.\n\n - The SQL Server MDS does not properly validate a request parameter on the SQL\n Server site.\n\n - An improper check of 'FILESTREAM' path.\n\n - The SQL Server Agent incorrectly check ACLs on atxcore.dll.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to gain elevated privileges that could be used to view, change,\n or delete data, or create new accounts, also can gain additional database and\n file information and to spoof content, disclose 
information, or take any action\n that the user could take on the site on behalf of the targeted user.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft SQL Server 2012 x86/x64 Edition Service Pack 2 and prior\n\n - Microsoft SQL Server 2012 x86/x64 Edition Service Pack 3 and prior\n\n - Microsoft SQL Server 2014 x86/x64 Edition Service Pack 1 and prior\n\n - Microsoft SQL Server 2014 x86/x64 Edition Service Pack 2 and prior\n\n - Microsoft SQL Server 2016 x64 Edition\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/library/security/MS16-136\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"mssqlserver_detect.nasl\");\n script_mandatory_keys(\"MS/SQLSERVER/Running\");\n script_require_ports(1433);\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!mssqlPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!mssqlVer = get_app_version(cpe:CPE, port:mssqlPort)){\n exit(0);\n}\n\n## MS SQL 2012 SP2 : GDR x64/x86 ==> 11.0.5388.0 ; CU x64/x86 ==> 11.0.5676.0\nif(mssqlVer =~ \"^11\\.0\")\n{\n if(version_in_range(version:mssqlVer, test_version:\"11.0.5400.0\", test_version2:\"11.0.5675.0\"))\n {\n VULN = TRUE;\n vulnerable_range = \"11.0.5400.0 - 11.0.5675.0\";\n }\n else if(version_in_range(version:mssqlVer, test_version:\"11.0.5058.0\", test_version2:\"11.0.5387.0\"))\n {\n VULN = TRUE;\n vulnerable_range = \"11.0.5000.0 - 11.0.5387.0\";\n }\n}\n\n## MS SQL 2012 SP3 : GDR x64/x86 ==> 11.0.6248.0 ; CU x64/x86 ==> 11.0.6567.0\nelse if(mssqlVer =~ \"^11\\.0\")\n{\n if(version_in_range(version:mssqlVer, test_version:\"11.0.6000.0\", 
test_version2:\"11.0.6247.0\"))\n {\n VULN = TRUE;\n vulnerable_range = \"11.0.6000.0 - 11.0.6247.0\";\n }\n else if(version_in_range(version:mssqlVer, test_version:\"11.0.6400.0\", test_version2:\"11.0.6566.0\"))\n {\n VULN = TRUE;\n vulnerable_range = \"11.0.6400.0 - 11.0.6566.0\";\n }\n}\n\n## MS SQL 2014 SP1 : GDR x64/x86 ==> 12.0.4487.0 ; CU x64/x86 ==> 12.0.4232.0\nelse if(mssqlVer =~ \"^12\\.0\")\n{\n if(version_in_range(version:mssqlVer, test_version:\"12.0.4000.0\", test_version2:\"12.0.4231.0\"))\n {\n VULN = TRUE;\n vulnerable_range = \"12.0.4000.0 - 12.0.4231.0\";\n }\n else if(version_in_range(version:mssqlVer, test_version:\"12.0.4300.0\", test_version2:\"12.0.4486.0\"))\n {\n VULN = TRUE;\n vulnerable_range = \"12.0.4300.0 - 12.0.4486.0\";\n }\n}\n\n## MS SQL 2014 SP2 : GDR x64/x86 ==> 12.0.5203.0 ; CU x64/x86 ==> 12.0.5532.0\nelse if(mssqlVer =~ \"^12\\.0\")\n{\n if(version_in_range(version:mssqlVer, test_version:\"12.0.5000.0\", test_version2:\"12.0.5202.0\"))\n {\n VULN = TRUE;\n vulnerable_range = \"12.0.5000.0 - 12.0.5202.0\";\n }\n else if(version_in_range(version:mssqlVer, test_version:\"12.0.5400.0\", test_version2:\"12.0.5531.0\"))\n {\n VULN = TRUE;\n vulnerable_range = \"12.0.5400.0 - 12.0.5531.0\";\n }\n}\n\n## MS SQL 2016 : GDR x64/x86 ==> 13.0.1722.0 ; CU x64/x86 ==> 13.0.2185.3\nelse if(mssqlVer =~ \"^13\\.0\")\n{\n if(version_in_range(version:mssqlVer, test_version:\"13.0.1000.0\", test_version2:\"13.0.1721.0\"))\n {\n VULN = TRUE;\n vulnerable_range = \"13.0.1000.0 - 13.0.1721.0\";\n }\n else if(version_in_range(version:mssqlVer, test_version:\"13.0.2000.0\", test_version2:\"13.0.2185.2\"))\n {\n VULN = TRUE;\n vulnerable_range = \"13.0.2000.0 - 13.0.2185.2\";\n }\n}\n\nif(VULN)\n{\n report = 'Vulnerable range: ' + vulnerable_range + '\\n' ;\n security_message(data:report, port:mssqlPort);\n exit(0);\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}]}