Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mskbMicrosoftKB3065718
HistoryJul 14, 2015 - 12:00 a.m.

MS15-058: Vulnerabilities in SQL Server could allow remote code execution: July 14, 2015

2015-07-1400:00:00
Microsoft
support.microsoft.com
104

EPSS

0.06

Percentile

93.6%

JSON

<html><body><p>Resolves vulnerabilities in SQL Server that could allow remote code execution if an authenticated attacker runs a specially crafted query that is designed to execute a virtual function from a wrong address. This leads to a function call to uninitialized memory.</p><h2>Introduction</h2><div>This update resolves vulnerabilities in Microsoft SQL Server that could allow remote code execution if an authenticated attacker runs a specially crafted query that is designed to execute a virtual function from a wrong address. This leads to a function call to uninitialized memory.<br /><span></span></div><h2>Additional information about this security update</h2><div>The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed below each article link.<br /><ul><li><a href=“https://support.microsoft.com/en-us/help/3045303”>3045303 </a> MS15-058: Description of the security update for SQL Server 2008 Service Pack 3 QFE: July 14, 2015<br /><br />The following are the known issues in security update <a href=“https://support.microsoft.com/en-us/help/3045303”>3045303 </a>. For more information about these known issues, see security update <a href=“https://support.microsoft.com/en-us/help/3045303”>3045303 </a>.<br /><ul><li>You may be able to install this SQL Server 2008-based security update on a SQL Server 2005-based system on which SQL Server 2008 is not installed.<br /><br /></li></ul></li><li><a href=“https://support.microsoft.com/en-us/help/3045305”>3045305 </a> MS15-058: Description of the security update for SQL Server 2008 Service Pack 3 GDR: July 14, 2015<br /><br />The following are the known issues in security update <a href=“https://support.microsoft.com/en-us/help/3045305”>3045305 </a>. For more information about these known issues, see security update <a href=“https://support.microsoft.com/en-us/help/3045305”>3045305 </a>.<br /><ul><li>You may be able to install this SQL Server 2008-based security update on a SQL Server 2005-based system on which SQL Server 2008 is not installed.<br /><br /></li></ul></li><li><a href=“https://support.microsoft.com/en-us/help/3045308”>3045308 </a> MS15-058: Description of the security update for SQL Server 2008 Service Pack 4 QFE: July 14, 2015<br /><br />The following are the known issues in security update <a href=“https://support.microsoft.com/en-us/help/3045308”>3045308 </a>. For more information about these known issues, see security update <a href=“https://support.microsoft.com/en-us/help/3045308”>3045308 </a>.<br /><ul><li>You may be able to install this SQL Server 2008-based security update on a SQL Server 2005-based system on which SQL Server 2008 is not installed.<br /><br /></li></ul></li><li><a href=“https://support.microsoft.com/en-us/help/3045311”>3045311 </a> MS15-058: Description of the security update for SQL Server 2008 Service Pack 4 GDR: July 14, 2015<br /><br />The following are the known issues in security update <a href=“https://support.microsoft.com/en-us/help/3045311”>3045311 </a>. For more information about these known issues, see security update <a href=“https://support.microsoft.com/en-us/help/3045311”>3045311 </a>.<br /><ul><li>You may be able to install this SQL Server 2008-based security update on a SQL Server 2005-based system on which SQL Server 2008 is not installed.<br /><br /></li></ul></li><li><a href=“https://support.microsoft.com/en-us/help/3045312”>3045312 </a> MS15-058: Description of the security update for SQL Server 2008 R2 Service Pack 2 QFE: July 14, 2015<br /><br />The following are the known issues in security update <a href=“https://support.microsoft.com/en-us/help/3045312”>3045312 </a>. For more information about these known issues, see security update <a href=“https://support.microsoft.com/en-us/help/3045312”>3045312 </a>.<br /><ul><li>When you use the <span>/?</span> switch or the <span>/Help</span> switch with this security update package, you receive an error message.</li><li>After you install this security update, the Add or Remove Program entries for this security update do not have “Security Update” in the title of the security update.</li><li>After you install this security update, the Installation Wizard shows the security update as an “Update Program” instead of a “Security Update.”<br /><br /></li></ul></li><li><a href=“https://support.microsoft.com/en-us/help/3045313”>3045313 </a> MS15-058: Description of the security update for SQL Server 2008 R2 Service Pack 2 GDR: July 14, 2015<br /><br />The following are the known issues in security update <a href=“https://support.microsoft.com/en-us/help/3045313”>3045313 </a>. For more information about these known issues, see security update <a href=“https://support.microsoft.com/en-us/help/3045313”>3045313 </a>.<br /><ul><li>When you use the <span>/?</span> switch or the <span>/Help</span> switch with this security update package, you receive an error message.</li><li>After you install this security update, the Add or Remove Program entries for this security update do not have “Security Update” in the title of the security update.</li><li>After you install this security update, the Installation Wizard shows the security update as an “Update Program” instead of a “Security Update.”<br /><br /></li></ul></li><li><a href=“https://support.microsoft.com/en-us/help/3045314”>3045314 </a> MS15-058: Description of the security update for SQL Server 2008 R2 Service Pack 3 QFE: July 14, 2015<br /><br />The following are the known issues in security update <a href=“https://support.microsoft.com/en-us/help/3045314”>3045314 </a>. For more information about these known issues, see security update <a href=“https://support.microsoft.com/en-us/help/3045314”>3045314 </a>.<br /><ul><li>When you use the <span>/?</span> switch or the <span>/Help</span> switch with this security update package, you receive an error message.</li><li>After you install this security update, the Add or Remove Program entries for this security update do not have “Security Update” in the title of the security update.</li><li>After you install this security update, the Installation Wizard shows the security update as an “Update Program” instead of a “Security Update.”<br /><br /></li></ul></li><li><a href=“https://support.microsoft.com/en-us/help/3045316”>3045316 </a> MS15-058: Description of the security update for SQL Server 2008 R2 Service Pack 3 GDR: July 14, 2015<br /><br />The following are the known issues in security update <a href=“https://support.microsoft.com/en-us/help/3045316”>3045316 </a>. For more information about these known issues, see security update <a href=“https://support.microsoft.com/en-us/help/3045316”>3045316 </a>.<br /><ul><li>When you use the <span>/?</span> switch or the <span>/Help</span> switch with this security update package, you receive an error message.</li><li>After you install this security update, the Add or Remove Program entries for this security update do not have “Security Update” in the title of the security update.</li><li>After you install this security update, the Installation Wizard shows the security update as an “Update Program” instead of a “Security Update.”<br /><br /></li></ul></li><li><a href=“https://support.microsoft.com/en-us/help/3045317”>3045317 </a> MS15-058: Description of the security update for SQL Server 2012 SP1 QFE: July 14, 2015<br /><br />The following is the known issue in security update <a href=“https://support.microsoft.com/en-us/help/3045317”>3045317 </a>. For more information about these known issues, see security update <a href=“https://support.microsoft.com/en-us/help/3045317”>3045317 </a>.<br /><ul><li>An instance of SQL Server 2012 Service Pack 1 that has the MDS component installed but does not have the SQL Engine component installed may not discover this security update from Microsoft Update.</li></ul><br /><br /></li><li><a href=“https://support.microsoft.com/en-us/help/3045318”>3045318 </a> MS15-058: Description of the security update for SQL Server 2012 SP1 GDR: July 14, 2015<br /><br />The following is the known issue in security update <a href=“https://support.microsoft.com/en-us/help/3045318”>3045318 </a>. For more information about these known issues, see security update <a href=“https://support.microsoft.com/en-us/help/3045318”>3045318 </a>.<br /><ul><li>An instance of SQL Server 2012 Service Pack 1 that has the MDS component installed but does not have the SQL Engine component installed may not discover this security update from Microsoft Update.</li></ul><br /><br /></li><li><a href=“https://support.microsoft.com/en-us/help/3045319”>3045319 </a> MS15-058: Description of the security update for SQL Server 2012 Service Pack 2 QFE: July 14, 2015<br /><br /></li><li><a href=“https://support.microsoft.com/en-us/help/3045321”>3045321 </a> MS15-058: Description of the security update for SQL Server 2012 Service Pack 2 GDR: July 14, 2015<br /><br /></li><li><a href=“https://support.microsoft.com/en-us/help/3045323”>3045323 </a> MS15-058: Description of the security update for SQL Server 2014 QFE: July 14, 2015<br /><br />The following is the known issue in security update <a href=“https://support.microsoft.com/en-us/help/3045323”>3045323 </a>. For more information about these known issues, see security update <a href=“https://support.microsoft.com/en-us/help/3045323”>3045323 </a>.<br /><ul><li>The installation of a cumulative update that is an earlier version than the GDR branch version of this security update may succeed and partly overwrite the GDR branch security update.<br /></li></ul><br /></li><li><a href=“https://support.microsoft.com/en-us/help/3045324”>3045324 </a> MS15-058: Description of the security update for SQL Server 2014 GDR: July 14, 2015<br /><br />The following is the known issue in security update <a href=“https://support.microsoft.com/en-us/help/3045324”>3045324 </a>. For more information about these known issues, see security update <a href=“https://support.microsoft.com/en-us/help/3045324”>3045324 </a>.<br /><ul><li>The installation of a cumulative update that is an earlier version than the GDR branch version of this security update may succeed and partly overwrite the GDR branch security update.</li></ul></li></ul><div><div><div><span><span></span></span><span><span>Nonsecurity-related fixes that are included in this security update</span></span></div><div><span><div>This security update also fixes the following nonsecurity-related issues:<br /><ul><li><a href=“https://support.microsoft.com/en-us/help/2969896”>2969896 </a> FIX: Data corruption occurs in clustered index when you run online index rebuild in SQL Server 2012 or SQL Server 2014</li><li><a href=“https://support.microsoft.com/en-us/help/3027857”>3027857 </a> FIX: Error 832 occurs after you apply update MS14-044 to SQL Server 2008 R2 or SQL Server 2008</li><li><a href=“https://support.microsoft.com/en-us/help/3027860”>3027860 </a> Error 17066 or 17310 during SQL Server startup</li><li><a href=“https://support.microsoft.com/en-us/help/3054530”>3054530 </a> FIX: Corruption occurs on pages of secondary replica when you change the secondary replica to unreadable</li><li><a href=“https://support.microsoft.com/en-us/help/3067257”>3067257 </a> FIX: Partial results in a query of a clustered columnstore index in SQL Server 2014</li></ul></div></span></div></div></div></div><h2></h2><div><h3>Security update deployment information</h3><div><h5>SQL Server 2008</h5><div><span>Reference Table</span><br /><br />The following table contains the security update information for this software.<br /><div><table><tr><td><span>Security update file names</span></td><td>For GDR update of SQL Server 2008 for 32-bit Systems Service Pack 3:<br /><span>SQLServer2008-KB3045305-x86.exe</span></td></tr><tr><td></td><td>For GDR update of SQL Server 2008 for x64-based Systems Service Pack 3:<br /><span>SQLServer2008-KB3045305-x64.exe</span></td></tr><tr><td></td><td>For GDR update of SQL Server 2008 for Itanium-based Systems Service Pack 3:<br /><span>SQLServer2008-KB3045305-IA64.exe</span></td></tr><tr><td></td><td>For QFE update of SQL Server 2008 for 32-bit Systems Service Pack 3:<br /><span>SQLServer2008-KB3045303-x86.exe</span></td></tr><tr><td></td><td>For QFE update of SQL Server 2008 for x64-based Systems Service Pack 3:<br /><span>SQLServer2008-KB3045303-x64.exe</span></td></tr><tr><td></td><td>For QFE update of SQL Server 2008 for Itanium-based Systems Service Pack 3:<br /><span>SQLServer2008-KB3045303-IA64.exe</span></td></tr><tr><td></td><td>For GDR update of SQL Server 2008 for 32-bit Systems Service Pack 4:<br /><span>SQLServer2008-KB3045311-x86.exe</span></td></tr><tr><td></td><td>For GDR update of SQL Server 2008 for x64-based Systems Service Pack 4:<br /><span>SQLServer2008-KB3045311-x64.exe</span></td></tr><tr><td></td><td>For QFE update of SQL Server 2008 for 32-bit Systems Service Pack 4:<br /><span>SQLServer2008-KB3045308-x86.exe</span></td></tr><tr><td></td><td>For QFE update of SQL Server 2008 for x64-based Systems Service Pack 4:<br /><span>SQLServer2008-KB3045308-x64.exe</span></td></tr><tr><td><span>Installation switches</span></td><td>See Microsoft Knowledge Base Article <a href=“https://support.microsoft.com/en-us/help/934307”>934307 </a></td></tr><tr><td><span>Update log file</span></td><td>%programfiles%\Microsoft SQL Server\100\Setup Bootstrap\LOG&lt;TimeStamp>\MSSQLServer\Summary_<MachineName><Timestamp>.txt</td></tr><tr><td><span>Special instructions</span></td><td>The update will also be offered to instances of SQL Server 2008 that are clustered. <br /><br />If your SQL Server 2008 cluster has a passive node, to reduce downtime, we recommend that you scan and apply the update to the inactive node first, and then scan and apply to the active node. When all components have been updated on all nodes, the update will no longer be offered.</td></tr><tr><td><span>Restart requirement</span></td><td>A restart of the instance of SQL Server is required if files are being used. <br />If a system restart is required, the installer will prompt or return exit code 3010.</td></tr><tr><td><span>Removal information</span></td><td>For all supported editions of SQL Server 2008: Use <span>Add or Remove Programs</span> in Control Panel.</td></tr><tr><td><span>File information</span></td><td>For GDR updates of SQL Server 2008 Service Pack 3:<br />See Microsoft Knowledge Base Article <a href=“https://support.microsoft.com/en-us/help/3045305”>3045305 </a><br /><br />For QFE updates of SQL Server 2008 Service Pack 3:<br />See Microsoft Knowledge Base Article <a href=“https://support.microsoft.com/en-us/help/3045303”>3045303 </a><br /><br />For GDR updates of SQL Server 2008 Service Pack 4:<br />See Microsoft Knowledge Base Article <a href=“https://support.microsoft.com/en-us/help/3045311”>3045311 </a><br /><br />For QFE updates of SQL Server 2008 Service Pack 4:<br />See Microsoft Knowledge Base Article <a href=“https://support.microsoft.com/en-us/help/3045308”>3045308 </a></td></tr></table></div><h5>SQL Server 2008 R2</h5><div><span>Reference Table</span><br /><br />The following table contains the security update information for this software.<br /><div><table><tr><td><span>Security update file names</span></td><td>For GDR update of SQL Server 2008 R2 for 32-bit Systems Service Pack 2:<br /><span>SQLServer2008R2-KB3045313-x86.exe</span></td></tr><tr><td></td><td>For GDR update of SQL Server 2008 R2 for x64-based Systems Service Pack 2:<br /><span>SQLServer2008R2-KB3045313-x64.exe</span></td></tr><tr><td></td><td>For GDR update of SQL Server 2008 R2 for Itanium-based Systems Service Pack 2:<br /><span>SQLServer2008R2-KB3045313-IA64.exe</span></td></tr><tr><td></td><td>For QFE update of SQL Server 2008 R2 for 32-bit Systems Service Pack 2:<br /><span>SQLServer2008R2-KB3045312-x86.exe</span></td></tr><tr><td></td><td>For QFE update of SQL Server 2008 R2 for x64-based Systems Service Pack 2:<br /><span>SQLServer2008R2-KB3045312-x64.exe</span></td></tr><tr><td></td><td>For QFE update of SQL Server 2008 R2 for Itanium-based Systems Service Pack 2:<br /><span>SQLServer2008R2-KB3045312-IA64.exe</span></td></tr><tr><td></td><td>For GDR update of SQL Server 2008 R2 for 32-bit Systems Service Pack 3:<br /><span>SQLServer2008R2-KB3045316-x86.exe</span></td></tr><tr><td></td><td>For GDR update of SQL Server 2008 R2 for x64-based Systems Service Pack 3:<br /><span>SQLServer2008R2-KB3045316-x64.exe</span></td></tr><tr><td></td><td>For QFE update of SQL Server 2008 R2 for 32-bit Systems Service Pack 3:<br /><span>SQLServer2008R2-KB3045314-x86.exe</span></td></tr><tr><td></td><td>For QFE update of SQL Server 2008 R2 for x64-based Systems Service Pack 3:<br /><span>SQLServer2008R2-KB3045314-x64.exe</span></td></tr><tr><td><span>Installation switches</span></td><td>See Microsoft Knowledge Base Article <a href=“https://support.microsoft.com/en-us/help/934307”>934307 </a></td></tr><tr><td><span>Update log file</span></td><td>%programfiles%\Microsoft SQL Server\100\Setup Bootstrap\LOG&lt;TimeStamp>\MSSQLServer\Summary<MachineName><Timestamp>.txt</td></tr><tr><td><span>Special instructions</span></td><td>The update will also be offered to instances of SQL Server 2008 R2 that are clustered. <br /><br />If your SQL Server 2008 R2 cluster has a passive node, to reduce downtime, we recommend that you scan and apply the update to the inactive node first, and then scan and apply to the active node. When all components have been updated on all nodes, the update will no longer be offered.</td></tr><tr><td><span>Restart requirement</span></td><td>A restart of the instance of SQL Server is required.<br />If a system restart is required, the installer will prompt or return exit code 3010.</td></tr><tr><td><span>Removal information</span></td><td>For all supported editions of SQL Server 2008 R2:<br />Use <span>Add or Remove Programs</span> in Control Panel.</td></tr><tr><td><span>File information</span></td><td>For GDR updates of SQL Server 2008 R2 Service Pack 2:<br />See Microsoft Knowledge Base Article <a href=“https://support.microsoft.com/en-us/help/3045313”>3045313 </a><br /><br />For QFE updates of SQL Server 2008 R2 Service Pack 2:<br />See Microsoft Knowledge Base Article <a href=“https://support.microsoft.com/en-us/help/3045312”>3045312 </a><br /><br />For GDR updates of SQL Server 2008 R2 Service Pack 3:<br />See Microsoft Knowledge Base Article <a href=“https://support.microsoft.com/en-us/help/3045316”>3045316 </a><br /><br />For QFE updates of SQL Server 2008 R2 Service Pack 3:<br />See Microsoft Knowledge Base Article <a href=“https://support.microsoft.com/en-us/help/3045316”>3045316 </a></td></tr></table></div><h5>SQL Server 2012</h5><div><span>Reference Table</span><br /><br />The following table contains the security update information for this software.<br /><div><table><tr><td><span>Security update file names</span></td><td>For GDR update of SQL Server 2012 for 32-bit Systems Service Pack 1:<br /><span>SQLServer2012-KB3045318-x86.exe</span></td></tr><tr><td></td><td>For GDR update of SQL Server 2012 for x64-based Systems Service Pack 1:<br /><span>SQLServer2012-KB3045318-x64.exe</span></td></tr><tr><td></td><td>For QFE update of SQL Server 2012 for 32-bit Systems Service Pack 1:<br /><span>SQLServer2012-KB3045317-x86.exe</span></td></tr><tr><td></td><td>For QFE update of SQL Server 2012 for x64-based Systems Service Pack 1:<br /><span>SQLServer2012-KB3045317-x64.exe</span></td></tr><tr><td></td><td>For GDR update of SQL Server 2012 for 32-bit Systems Service Pack 2:<br /><span>SQLServer2012-KB3045321-x86.exe</span></td></tr><tr><td></td><td>For GDR update of SQL Server 2012 for x64-based Systems Service Pack 2:<br /><span>SQLServer2012-KB3045321-x64.exe</span></td></tr><tr><td></td><td>For QFE update of SQL Server 2012 for 32-bit Systems Service Pack 2:<br /><span>SQLServer2012-KB3045319-x86.exe</span></td></tr><tr><td></td><td>For QFE update of SQL Server 2012 for x64-based Systems Service Pack 2:<br /><span>SQLServer2012-KB3045319-x64.exe</span></td></tr><tr><td><span>Installation switches</span></td><td>See Microsoft Knowledge Base Article <a href=“https://support.microsoft.com/en-us/help/934307”>934307 </a></td></tr><tr><td><span>Update log file</span></td><td>%programfiles%\Microsoft SQL Server\110\Setup Bootstrap\LOG&lt;TimeStamp>\MSSQLServer\Summary<MachineName><Timestamp>.txt</td></tr><tr><td><span>Special instructions</span></td><td>The update will also be offered to instances of SQL Server 2012 that are clustered.<br /><br />If your SQL Server 2012 cluster has a passive node, to reduce downtime, we recommend that you scan and apply the update to the inactive node first, and then scan and apply to the active node. When all components have been updated on all nodes, the update will no longer be offered.</td></tr><tr><td><span>Restart requirement</span></td><td>A restart of the instance of SQL Server is required if files are being used.<br />If a system restart is required, the installer will prompt or return exit code 3010.</td></tr><tr><td><span>Removal information</span></td><td>For all supported editions of SQL Server 2012:<br /><br />The update removal procedure differs by scenario as follows:<br /><br /><span>Scenario 1:</span> If the SQL Server engine is installed without SQL Server Master Data Services (MDS) on the same computer, you can remove the update by using the <span>Add or Remove Programs</span> item in Control Panel. You do not have to remove the SQL Server engine.<br /><br /><span>Scenario 2:</span> If the SQL Server engine is installed together with MDS on the same computer, follow these steps:<br /><ol><li>Remove the update for the SQL Server engine by using the <span>Add or Remove Programs</span> item in Control Panel. You do not have to remove the SQL Server engine.</li><li>Back up the MDS database.</li><li>Remove the MDS component.</li><li>Reinstall the MDS component.</li><li>Apply any necessary SQL Server service packs or service updates to bring MDS to its pre-security update version.</li></ol><br /><span>Scenario 3:</span> If MDS is installed on a computer that does not have the SQL Server engine installed, follow these steps:<br /><ol><li>Back up the MDS database.</li><li>Remove the MDS component.</li><li>Reinstall the MDS component.</li><li>Apply any necessary SQL Server service packs or service updates to bring MDS to its pre-security update version.</li></ol><br /></td></tr><tr><td><span>File information</span></td><td>For GDR updates of SQL Server 2012 Service Pack 1:<br />See Microsoft Knowledge Base Article <a href=“https://support.microsoft.com/en-us/help/3045318”>3045318 </a><br /><br />For QFE updates of SQL Server 2012 Service Pack 1:<br />See Microsoft Knowledge Base Article <a href=“https://support.microsoft.com/en-us/help/3045317”>3045317 </a><br /><br />For GDR updates of SQL Server 2012 Service Pack 2:<br />See Microsoft Knowledge Base Article <a href=“https://support.microsoft.com/en-us/help/3045321”>3045321 </a><br /><br />For QFE updates of SQL Server 2012 Service Pack 2:<br />See Microsoft Knowledge Base Article <a href=“https://support.microsoft.com/en-us/help/3045321”>3045321 </a></td></tr></table></div><h5>SQL Server 2014</h5><div><span>Reference Table</span><br /><br />The following table contains the security update information for this software.<br /><div><table><tr><td><span>Security update file names</span></td><td>For GDR update of SQL Server 2014 for 32-bit Systems<br /><span>SQLServer2014-KB3045324-x86-ENU.exe</span></td></tr><tr><td></td><td>For GDR update of SQL Server 2014 for x64-based Systems:<br /><span>SQLServer2014-KB3045324-x64-ENU.exe</span></td></tr><tr><td></td><td>For QFE update of SQL Server 2014 for 32-bit Systems<br /><span>SQLServer2014-KB3045323-x86-ENU.exe</span></td></tr><tr><td></td><td>For QFE update of SQL Server 2014 for x64-based Systems:<br /><span>SQLServer2014-KB3045323-x64.exe</span></td></tr><tr><td><span>Installation switches</span></td><td>See Microsoft Knowledge Base Article <a href=“https://support.microsoft.com/en-us/help/934307”>934307 </a></td></tr><tr><td><span>Update log file</span></td><td>%programfiles%\Microsoft SQL Server\12\Setup Bootstrap\LOG&lt;TimeStamp>\MSSQLServer\Summary<MachineName>_<Timestamp>.txt</td></tr><tr><td><span>Special instructions</span></td><td>The update will also be offered to instances of SQL Server 2014 that are clustered.<br /><br />If your SQL Server 2014 cluster has a passive node, to reduce downtime, we recommend that you scan and apply the update to the inactive node first, and then scan and apply to the active node. When all components have been updated on all nodes, the update will no longer be offered.</td></tr><tr><td><span>Restart requirement</span></td><td>A restart of the instance of SQL Server is required if files are being used.<br />If a system restart is required, the installer will prompt or return exit code 3010.</td></tr><tr><td><span>Removal information</span></td><td>For all supported editions of SQL Server 2014, follow these steps:<br /><ol><li>Back up the MDS database.</li><li>Remove the MDS component.</li><li>Reinstall the MDS component.</li><li>Apply any necessary SQL Server service packs or service updates to bring MDS to its pre-security update version.</li></ol><br /></td></tr><tr><td><span>File information</span></td><td>For GDR updates of SQL Server 2014:<br />See Microsoft Knowledge Base Article <a href=“https://support.microsoft.com/en-us/help/3045324”>3045324 </a><br /><br />For QFE updates of SQL Server 2014:<br />See Microsoft Knowledge Base Article <a href=“https://support.microsoft.com/en-us/help/3045323”>3045323 </a></td></tr></table></div><br /><h3>File hash information</h3><div><div><table><tr><th>File name</th><th>SHA1 hash</th><th>SHA256 hash</th></tr><tr><td>SQLServer2008-KB3045303-IA64.exe</td><td>544AAF4E2C4C3448C65FD7C92F072233DF3E8217</td><td>100D51CCEB84366275531891A918AD41B64A02BB2BCC24FD4F633A963EDFEA95</td></tr><tr><td>SQLServer2008-KB3045303-x64.exe</td><td>B3C677B1410D8707A30514A037C1080BC0B6E70D</td><td>623E09598B28E931801E1542AF98769EBD5AC245DC33173499F7E6D7F7C89E9A</td></tr><tr><td>SQLServer2008-KB3045303-x86.exe</td><td>D2E7E82FD524F8135294BA9242776470519F739B</td><td>0579A2361284E51B483312440D00B0AC317D732894E42BFE172C6CADA57E4DB2</td></tr><tr><td>SQLServer2008-KB3045305-IA64.exe</td><td>AB09B42736FEA9638F901C1A802EAB78CE229BC0</td><td>3B0EEA3349B548A7816B34B06E11472AC60F75A887E10DE89BEFB3C9110009C2</td></tr><tr><td>SQLServer2008-KB3045305-x64.exe</td><td>B3EAF5A2FA2D77F5F9B54D306A3895DC4E3166D0</td><td>14D22FDBE3F860CEDBB4B26BE5DE5DF65E912FD82D5917906BF6FCC4898542CB</td></tr><tr><td>SQLServer2008-KB3045305-x86.exe</td><td>FB6A21F80ADBD0308EEF601B4E6B2F3CD0673EC7</td><td>86196906574554390E4CDC0D85B9F48858F26F10B3DD83A1D0D080214C9A6425</td></tr><tr><td>SQLServer2008-KB3045308-x64.exe</td><td>C3E95302146020A9AE5E460A5233C404FF284738</td><td>32E3CB421530E27ADDCA9D29908FC8671A739EEC62F5570A1A5284022C37571A</td></tr><tr><td>SQLServer2008-KB3045308-x86.exe</td><td>5B6D0C9E47B7FE6600916B3C863F6E18D161AD54</td><td>B09E5705333CEF4A5D58E727BA728F76D24C064DAFD72E72ACBB2449CB6C9BA8</td></tr><tr><td>SQLServer2008-KB3045311-x64.exe</td><td>37A197C60990D2E83E98D1090109A4AB3F2ABE4B</td><td>51E90F94E0274D46ECCF0EC603926783E19641FF10A47351F96319AC5DAA48F9</td></tr><tr><td>SQLServer2008-KB3045311-x86.exe</td><td>30561AEF89C6D174FEE7B77BED6B3B8539542558</td><td>B52D4692655C0C4A5D4391665F6BD14BEF78246CA2663F284B55DA1293598093</td></tr><tr><td>SQLServer2008R2-KB3045312-IA64.exe</td><td>848DC578D2AF702E6481242BB38D66BC69C75F45</td><td>5313000E8F5E86D684D60972325CDD41A7F5E897B3420FDAA93B415B1B45A4E0</td></tr><tr><td>SQLServer2008R2-KB3045312-x64.exe</td><td>D2F037C8627B18662FE53F583AF3B4FACFBF8A91</td><td>72F31C407AE9C152B6FEA96C2566053F1717A90FB75558C4005D6E3A1845CF7A</td></tr><tr><td>SQLServer2008R2-KB3045312-x86.exe</td><td>8EA13902258CD17DA157C5B62777ECB41BA1D3A4</td><td>2603C6D68AC1E154DCE25B39DF4B7DA55FB630610086585D1E96967E63AA8397</td></tr><tr><td>SQLServer2008R2-KB3045313-IA64.exe</td><td>98AE6B0DF61F359819975B64A42ACDB575D6823E</td><td>3BC905B436D29DB1567E342AF98591D7E0489AA6741DDDB9C478C4840EBF80A8</td></tr><tr><td>SQLServer2008R2-KB3045313-x64.exe</td><td>B618DDD387BA863EBF4C432AB0CB54C3A433BC12</td><td>938F7199F6DD4AC708C1A14F02AA1B1CEF1ECC9F56152EBB85169E9992DA4260</td></tr><tr><td>SQLServer2008R2-KB3045313-x86.exe</td><td>88CEFBD7FC3F0A0F5C8AE02051F7AAF200E04DF3</td><td>30C23C7E23E46F6FF145CA3D9F7509C5EFA3393B0F56BD70770A8A2C62006200</td></tr><tr><td>SQLServer2008R2-KB3045314-x64.exe</td><td>5C8070DCF7080228708809E27826AA3660064722</td><td>43FA0BF3D799AF860C201BE3FA1241E3115E6D29399B4FD1413934E90EC70C47</td></tr><tr><td>SQLServer2008R2-KB3045314-x86.exe</td><td>24395C1F2A0F517336393176115710DB181D160E</td><td>DAAC57D4EDB7AD7D57634DFC0BE3A8CD395B71DE269DB984EDB83AE6D9E4C1C5</td></tr><tr><td>SQLServer2008R2-KB3045316-x64.exe</td><td>3AA4D820553B1E5D96735541CBB55D97322C286E</td><td>F8A45DE74DE1EF4559AB7A6C24427306C592A7A0C21994A8B81A70B1E6211869</td></tr><tr><td>SQLServer2008R2-KB3045316-x86.exe</td><td>9A2F7F26EC9780EDD232A37B7A5BA557155D55AC</td><td>53ED493F14915F03162704B55D90831F1B236865AB2956D11F4B5E83A85CFE77</td></tr><tr><td>SQLServer2012-KB3045317-x64.exe</td><td>DC222C42CB297AF745206FEC69284DE68564034F</td><td>D01DE2DB4B4A9B296B52F3EC8A38BDEEC15536164C43CD76EB63A89BB36B8F18</td></tr><tr><td>SQLServer2012-KB3045317-x86.exe</td><td>EC5FC12A75627F26D21C0EAD8752AF37FF9162F4</td><td>4CA1EEF6C860CA5A009753CD6041B7670DC88B026463EA0AEC55BA378E00DD8B</td></tr><tr><td>SQLServer2012-KB3045318-x64.exe</td><td>3907D610C8617006511645EF893519FA561BF20D</td><td>A1B0FA9A1F99953D58D06EC110AE2DF6240DD434ECDFBECA0258BA47E984F5BE</td></tr><tr><td>SQLServer2012-KB3045318-x86.exe</td><td>46A963922F513CB1394D96D970536D9EF3B8BB81</td><td>0F07D2CE1112B5AD33DACE494DD8533A6C2F26660ABC26BA57E7B2083994F6C2</td></tr><tr><td>SQLServer2012-KB3045319-x64.exe</td><td>5E52E0CAB1C79474394FDC05412BF83B99FB0465</td><td>871624153BE73E211D66E7302802E3D2DFBC3CEF7CB69CED1DF4F7EE7C6E3E32</td></tr><tr><td>SQLServer2012-KB3045319-x86.exe</td><td>B41DD0EF2538C3ACC049BA703FA21FB5D74B7E3C</td><td>CC4687F108FC4F517CD72664F36A325BBA0C30E5DDAE4D4B5C94FF83832291DE</td></tr><tr><td>SQLServer2012-KB3045321-x64.exe</td><td>458032F7BDA3F45C0641C5417628034080297F4F</td><td>20B65E8A0997C294AEE2C5F473CEE84E90DD94D1D89A15EFCF70DA292BA7C468</td></tr><tr><td>SQLServer2012-KB3045321-x86.exe</td><td>DD99F1E0E54C944122DEB5AC24A1853D118C7D1F</td><td>7DBBF3BCC66C9458D64B6211FDF6F0ED71EA261E748D4AC1A5B20C7BF929DA5A</td></tr><tr><td>SQLServer2012-SetupData-KB3045317-x64.exe</td><td>FA22708FBD878C8381FEDB87E55D7F5CB0C4994F</td><td>9412997C4BC8A5DD47D97B366B5FF955AAE3330BB8AF1F9D4B1F11150A801538</td></tr><tr><td>SQLServer2012-SetupData-KB3045317-x86.exe</td><td>82F287862821AD76C3071004FA066E6FED09CE04</td><td>1C4045BD64BC63D7D4767FE30FC7C11550C483E9ACC8EE54739072E951920BD3</td></tr><tr><td>SQLServer2012-SetupData-KB3045318-x64.exe</td><td>23F5DE270D00DDBCFC41170049C10D6C56C46183</td><td>90C73BD6B0C5799F6C0C3AD8088D2952DB0AAE5E6F20BD8637D85B03F2570F60</td></tr><tr><td>SQLServer2012-SetupData-KB3045318-x86.exe</td><td>17583390BD873067274B970147859D46FDE0E59C</td><td>520F1BED26B1F86EFEEE0F89E87EC7DFEF4D58B1E2DC4F49E06F7D1B5F0F4E4D</td></tr><tr><td>SQLServer2012-SetupData-KB3045319-x64.exe</td><td>766261320A7890AEE700F91948117DF94A3C93BA</td><td>6176931FD3518460E4A83FAA0D191FBB75C9463B64C3152F0EF3D349024B4988</td></tr><tr><td>SQLServer2012-SetupData-KB3045319-x86.exe</td><td>22B4BB837B76966D13B7B991C6AE84AE8B731A53</td><td>C50E25ED3F08D290E26026099FC978BDCB0E2C84DB4D386195095C9B28E5D298</td></tr><tr><td>SQLServer2012-SetupData-KB3045321-x64.exe</td><td>4E2A29FCDD821AA7E936B474FEB130982784FB37</td><td>303D0402727C90D47236288E2D01AA0097D32F0ED8CAB190251140F8AA07FD9B</td></tr><tr><td>SQLServer2012-SetupData-KB3045321-x86.exe</td><td>DCB82ADEACF54CFE8811E31C082E8B73FDA2614C</td><td>D4B903708E9E4D87A6D07B165E0A8D3067EF1487E8AE0CA70383E3E1A7C00B04</td></tr><tr><td>SQLServer2012-SqlSupport-KB3045317-x64.exe</td><td>97C57F649CC35B498C39FC871BC979648D8C7380</td><td>AF039510361CBD013CE9C292B6193B5C078F0207FA24123ACA2C447872667A36</td></tr><tr><td>SQLServer2012-SqlSupport-KB3045317-x86.exe</td><td>E324591F41B144A891E349D157F2984BC0989D99</td><td>BDFD8F6E7D0376E73BC880E4305CA553DCE968E64C6A5FA1597026A08D042A36</td></tr><tr><td>SQLServer2012-SqlSupport-KB3045318-x64.exe</td><td>29491F4222CFDBB161E4AF2DBBA3F9BC9E0FDDA9</td><td>E19A3120BBF06E2F5BD5ED0948B51DB31035162D99DCA3F70A8D82ACE2497EC8</td></tr><tr><td>SQLServer2012-SqlSupport-KB3045318-x86.exe</td><td>F071FF15877597DFA6B7B327E574C9C77E63DCD7</td><td>B2AED914A65B88C491AFC2FB095DF05D89594981E1A7713AA825398ABD83D054</td></tr><tr><td>SQLServer2012-SqlSupport-KB3045319-x64.exe</td><td>E7F85501DAED0FEFB2BFE7D74A664743202A252A</td><td>C84D11FF27F6C5A480F095F74FC213D1E6E3867712FD8B41AAD24F929EAD88E9</td></tr><tr><td>SQLServer2012-SqlSupport-KB3045319-x86.exe</td><td>7B34EBDBF448E5A375D7D675823C4E406F55EB8F</td><td>530BCB8EEA4D8163FB2FF929F23E8085E17BE42AE535521C5D7711FA94810EDE</td></tr><tr><td>SQLServer2012-SqlSupport-KB3045321-x64.exe</td><td>C6423219609903C8D6233A094CB6B3B928F9DD7D</td><td>142962FE911421DA5B59BD5B77C9C03BD00643A75879C1E72C96F43ECBE2B9E4</td></tr><tr><td>SQLServer2012-SqlSupport-KB3045321-x86.exe</td><td>060392E40479913E480A879FBB711AAFEA6C928B</td><td>64286B199D492EB07372C9D50B4FFA1111EBB7EC71F701E8CE4F6AA388CB15EF</td></tr><tr><td>SQLServer2014-KB3045323-x64.exe</td><td>3C983534D2487A4023E908A2813E1A056F0904F2</td><td>B150ECA61E6CBAE9969DEDA825146C04393914386D2E940AA34448EC9A77F9C2</td></tr><tr><td>SQLServer2014-KB3045323-x86.exe</td><td>887737B05FBBD0D544C7B4AFACD29F693C234D7B</td><td>CEA23F33BE34313E28E3EED6E09A08BC07A31DFF41367DCC733847ED3458967F</td></tr><tr><td>SQLServer2014-KB3045324-x64-ENU.exe</td><td>2345A35AE51225898E112702A2012F113A47D5C9</td><td>7A66D85C4FF0BA83E6678BF1187BCDDFA275AE43A7488E3D9E9930618CCAC2D7</td></tr><tr><td>SQLServer2014-KB3045324-x86-ENU.exe</td><td>63339A6B390AFC9D05643525E4B3932BD3799B08</td><td>8B303FDB2EEB1B2C9E333AD3284B927F8B9A5A14605F9668DF50C15D13B19554</td></tr><tr><td>SQLServer2014-SetupData-KB3045323-x64.exe</td><td>11F40CD79C2550C1F9E4D60E6F02523E27F1E972</td><td>84C2E85A092A88A7B98F4F176FBBA6F59DA5095CE12A1824183AF21BDE4B976F</td></tr><tr><td>SQLServer2014-SetupData-KB3045323-x86.exe</td><td>F7CC76AA381F8834BDE5644BC254952906C3F5ED</td><td>BF6899E283AF37222A90AD23DA449E153E92E7DA2425C05BC5A45049F793C6B6</td></tr><tr><td>SQLServer2014-SetupData-KB3045324-x64-ENU.exe</td><td>674D1FCA609F9D38A535A33A423E3102C629EFAA</td><td>0528B60BBC974C985277DA9E347A4ACECD4BA230E5188E0EE0A1A28F6216AF04</td></tr><tr><td>SQLServer2014-SetupData-KB3045324-x86-ENU.exe</td><td>D3D2D9B035AB8FE7024BE7CE7A2C08DF1A994967</td><td>076D75B9FB4A70DAC80BBB575C0354E703D7B9DC6CDEBDA9C776F3307C84538E</td></tr><tr><td>SQLServer2014-SqlSupport-KB3045323-x64.exe</td><td>28868A34F1387F32B1EDD092F54C86C85E1CC23B</td><td>646E6EBA561DF5A76524A92F9DBDF170DDC8B4E9BB9FA39FD77740E0F4A5F378</td></tr><tr><td>SQLServer2014-SqlSupport-KB3045323-x86.exe</td><td>1BDF16A3C0539A88D29946CBDE839E67820F8684</td><td>C6B88D286E617FD98BCFC653E7FE476EFA965C7F2CF2842B1F36B65AD64A7176</td></tr><tr><td>SQLServer2014-SqlSupport-KB3045324-x64-ENU.exe</td><td>A8CEEE5D667DF9F6488BD980EE837DBB7C823763</td><td>A9AFEED5E26A90165FDCE859F677A7FB8A8A9655E212B180825DBA12A1A0AED2</td></tr><tr><td>SQLServer2014-SqlSupport-KB3045324-x86-ENU.exe</td><td>415A7445843CDDFE539E1B65A1FA7D8F1C74C11E</td><td>B85F26D9C4F4053206649ECA9AD5FA1D19D8ACF8461BFB0C33874F25E81BB5D1</td></tr><tr><td>SSDTBI_VS2012_x86_ENU.exe</td><td>927F64DC29C8288CB883843CD6F48F818895459A</td><td>041744217CF6929067BC1612DB9C641C2B2C9BB8466AE03499EA30F782592742</td></tr><tr><td>SSDTBI_x86_ENU.exe</td><td>D90A2006889721032B87E49AE43BBE9F6CAFF4A3</td><td>B1E2EF24B1F3E371996CA0F5A05CF1DD08CAD864637D13C1ED03B7FA9804889F</td></tr></table></div><h3>How to obtain help and support for this security update</h3><div>Help for installing updates: <a href=“https://support.microsoft.com/ph/6527” target=“_self”>Support for Microsoft Update</a><br /><br />Security solutions for IT professionals: <a href=“https://technet.microsoft.com/security/bb980617.aspx” target=“_self”>TechNet Security Troubleshooting and Support</a><br /><br />Help for protecting your Windows-based computer from viruses and malware: <a href=“https://support.microsoft.com/contactus/cu_sc_virsec_master” target=“_self”>Virus Solution and Security Center</a><br /><br />Local support according to your country: <a href=“https://support.microsoft.com/common/international.aspx” target=“_self”>International Support</a></div></div></div></div></div></div></div></div></body></html>

Related

nessus 9
openvas 1
symantec 3
cve 3
nvd 3
cvelist 3
prion 3
checkpoint_advisories 1
nessus
nessus
Microsoft SQL Server 2008 SP4 10.0.6500.0 through 10.0.6526.0 Multiple Vulnerabilities (3045308)
2016-12-12 00:00:00
MS15-058: Vulnerabilities in SQL Server Could Allow Remote Code Execution (3065718) (uncredentialed check)
2015-07-14 00:00:00
Microsoft SQL Server 2008 SP3 10.0.5500.0 through 10.0.5520.0 Multiple Vulnerabilities (3045305)
2016-12-12 00:00:00
openvas
openvas
Microsoft SQL Server Multiple Vulnerabilities (MS15-058)
2015-07-15 00:00:00
symantec
symantec
Microsoft SQL Server CVE-2015-1761 Privilege Escalation Vulnerability
2015-07-14 00:00:00
Microsoft SQL Server CVE-2015-1763 Remote Code Execution Vulnerability
2015-07-14 00:00:00
Microsoft SQL Server CVE-2015-1762 Remote Code Execution Vulnerability
2015-07-14 00:00:00
cve
cve
CVE-2015-1761
2015-07-14 23:59:00
CVE-2015-1763
2015-07-14 23:59:01
CVE-2015-1762
2015-07-14 23:59:01
nvd
nvd
CVE-2015-1763
2015-07-14 23:59:01
CVE-2015-1761
2015-07-14 23:59:00
CVE-2015-1762
2015-07-14 23:59:01
cvelist
cvelist
CVE-2015-1761
2015-07-14 23:00:00
CVE-2015-1762
2015-07-14 23:00:00
CVE-2015-1763
2015-07-14 23:00:00
prion
prion
Privilege escalation
2015-07-14 23:59:00
Remote code execution
2015-07-14 23:59:00
Remote code execution
2015-07-14 23:59:00
checkpoint_advisories
checkpoint_advisories
Microsoft SQL Server Remote Code Execution (MS15-058; CVE-2015-1762)
2015-07-14 00:00:00

EPSS

0.06

Percentile

93.6%

JSON
Related for KB3065718
nessus9openvas1symantec3cve3nvd3cvelist3prion3checkpoint_advisories1