8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
<html><body><p>Resolves vulnerabilities in Microsoft SQL Server that could allow an attacker to gain elevated privileges that might be used to create accounts, or view, change, or delete data.</p><h2>Summary</h2><div>This update resolves vulnerabilities in Microsoft SQL Server. The most severe vulnerabilities could allow an attacker to gain elevated privileges that might be used to create accounts, or view, change, or delete data. To learn more about these vulnerabilities, see <a href=“https://technet.microsoft.com/library/security/ms16-136” target=“self">Microsoft Security Bulletin MS16-136</a>.<br /><br /><br /><span></span></div><h2></h2><div><h3>Additional information about this security update</h3>The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed below each article link.<ul><li><a href=“https://support.microsoft.com/en-us/help/3194716”>3194716 </a> MS16-136: Description of the security update for SQL Server 2016 GDR: November 8, 2016</li><li><a href=“https://support.microsoft.com/en-us/help/3194717”>3194717 </a> MS16-136: Description of the security update for SQL Server 2016 CU: November 8, 2016</li><li><a href=“https://support.microsoft.com/en-us/help/3194714”>3194714 </a> MS16-136: Description of the security update for SQL Server 2014 Service Pack 2 GDR: November 8, 2016</li><li><a href=“https://support.microsoft.com/en-us/help/3194718”>3194718 </a> MS16-136: Description of the security update for SQL Server 2014 Service Pack 2 CU: November 8, 2016</li><li><a href=“https://support.microsoft.com/en-us/help/3194720”>3194720 </a> MS16-136: Description of the security update for SQL Server 2014 Service Pack 1 GDR: November 8, 2016</li><li><a href=“https://support.microsoft.com/en-us/help/3194722”>3194722 </a> MS16-136: Description of the security update for SQL Server 2014 Service Pack 1 CU: November 8, 2016</li><li><a href=“https://support.microsoft.com/en-us/help/3194721”>3194721 </a> MS16-136: Description of the security update for SQL Server 2012 Service Pack 3 GDR: November 8, 2016</li><li><a href=“https://support.microsoft.com/en-us/help/3194724”>3194724 </a> MS16-136: Description of the security update for SQL Server 2012 Service Pack 3 CU: November 8, 2016</li><li><a href=“https://support.microsoft.com/en-us/help/3194719”>3194719 </a> MS16-136: Description of the security update for SQL Server 2012 Service Pack 2 GDR: November 8, 2016</li><li><a href=“https://support.microsoft.com/en-us/help/3194725”>3194725 </a> MS16-136: Description of the security update for SQL Server 2012 Service Pack 2 CU: November 8, 2016</li></ul></div><h2></h2><div><div><div><div><span><span></span></span><span><span>Security update deployment information</span></span></div><div><span><div><h4>SQL Server 2012 Service Pack 2</h4><div><span>Reference table</span><br /><br />The following table contains the security update information for this software. <br /><br /><div><table><tr><td><span>Security update file names</span></td><td>For GDR update of SQL Server 2012 Service Pack 2 for 32-bit Systems:<br /><span>SQLServer2012-KB3194719-x86.exe</span></td></tr><tr><td></td><td>For GDR update of SQL Server 2012 Service Pack 2 for x64-based Systems:<br /><span>SQLServer2012-KB3194719-x64.exe</span></td></tr><tr><td></td><td>For CU update of SQL Server 2012 Service Pack 2 for 32-bit Systems:<br /><span>SQLServer2012-KB</span><span>3194725-x86.exe</span></td></tr><tr><td></td><td>For CU update of SQL Server 2012 Service Pack 2 for x64-based Systems:<br /><span>SQLServer2012-KB</span><span>3194725-x64.exe</span></td></tr><tr><td><span>Installation switches</span></td><td>See <a href=“https://support.microsoft.com/help/934307” target="self">Microsoft Knowledge Base article 934307</a></td></tr><tr><td><span>Update log file</span></td><td>%programfiles%\Microsoft SQL Server\110\Setup Bootstrap\LOG<TimeStamp>\MSSQLServer\Summary<MachineName><Timestamp>.txt</td></tr><tr><td><span>Special instructions</span></td><td>This update is also offered to SQL Server 2012 Service Pack 2 (SP2) instances that are clustered.<br /><br />To reduce downtime if your SQL Server 2012 SP2 cluster has a passive node, Microsoft recommends that you scan and apply the update to the inactive node first, and then scan and apply it to the active node. After all components are updated on all nodes, the update will no longer be offered.</td></tr><tr><td><span>Restart requirement</span></td><td>A restart of the SQL Server instance is required if files are in use.<br /><br />If a restart is required, the installer prompts or returns exit code 3010.</td></tr><tr><td><span>Removal information</span></td><td>Use <strong>Add or Remove Programs</strong> in Control Panel.</td></tr><tr><td><span>File information</span></td><td>For GDR update of SQL Server 2012 Service Pack 2:<br />See <a href=“https://support.microsoft.com/help/3194719” target=”_self">Microsoft Knowledge Base article 3194719</a><br /><br />For CU update of SQL Server 2012 Service Pack 2:<br />See <a href=“https://support.microsoft.com/help/3194725” target=“self">Microsoft Knowledge Base Article 3194725</a></td></tr></table></div><h4>SQL Server 2012 Service Pack 3</h4><div><span>Reference table</span><br /><br />The following table contains the security update information for this software. <br /><br /><div><table><tr><td><span>Security update file names</span></td><td>For GDR update of SQL Server 2012 Service Pack 3 for 32-bit Systems:<br /><span>SQLServer2012-KB3194721-x86.exe</span></td></tr><tr><td></td><td>For GDR update of SQL Server 2012 Service Pack 3 for x64-based Systems:<br /><span>SQLServer2012-KB3194721-x64.exe</span></td></tr><tr><td></td><td>For CU update of SQL Server 2012 Service Pack 3 for 32-bit Systems:<br /><span>SQLServer2012-KB</span><span>3194724-x86.exe</span></td></tr><tr><td></td><td>For CU update of SQL Server 2012 Service Pack 3 for x64-based Systems:<br /><span>SQLServer2012-KB</span><span>3194724-x64.exe</span></td></tr><tr><td><span>Installation switches</span></td><td>See <a href=“https://support.microsoft.com/help/934307” target="self">Microsoft Knowledge Base article 934307</a></td></tr><tr><td><span>Update log file</span></td><td>%programfiles%\Microsoft SQL Server\110\Setup Bootstrap\LOG<TimeStamp>\MSSQLServer\Summary<MachineName><Timestamp>.txt</td></tr><tr><td><span>Special instructions</span></td><td>This update is also offered to SQL Server 2012 Service Pack 3 (SP3) instances that are clustered.<br /><br />To reduce downtime if your SQL Server 2012 SP3 cluster has a passive node, Microsoft recommends that you scan and apply the update to the inactive node first, and then scan and apply it to the active node. After all components are updated on all nodes, the update will no longer be offered.</td></tr><tr><td><span>Restart requirement</span></td><td>A restart of the SQL Server instance is required if files are in use.<br /><br />If a restart is required, the installer prompts or returns exit code 3010.</td></tr><tr><td><span>Removal information</span></td><td>Use <strong>Add or Remove Programs</strong> in Control Panel.</td></tr><tr><td><span>File information</span></td><td>For GDR update of SQL Server 2012 Service Pack 3:<br />See <a href=“https://support.microsoft.com/help/3194721” target=”_self">Microsoft Knowledge Base article 3194721</a><br /><br />For CU update of SQL Server 2012 Service Pack 3:<br />See <a href=“https://support.microsoft.com/help/3194724” target=“self">Microsoft Knowledge Base article 3194724</a></td></tr></table></div><h4>SQL Server 2014 Service Pack 1</h4><div><span>Reference table</span><br /><br />The following table contains the security update information for this software. <br /><br /><div><table><tr><td><span>Security update file names</span></td><td>For GDR update of SQL Server 2012 Service Pack 1 for 32-bit Systems:<br /><span>SQLServer2014-KB3194720-x64.exe</span></td></tr><tr><td></td><td>For GDR update of SQL Server 2012 Service Pack 1 for x64-based Systems:<br /><span>SQLServer2014-KB3194720-x64.exe</span></td></tr><tr><td></td><td>For CU update of SQL Server 2012 Service Pack 1 for 32-bit Systems:<br /><span>SQLServer2014-KB3194722-x64.exe</span></td></tr><tr><td></td><td>For CU update of SQL Server 2012 Service Pack 1 for x64-based Systems:<br /><span>SQLServer2014-KB3194722-x64.exe</span></td></tr><tr><td><span>Installation switches</span></td><td>See <a href=“https://support.microsoft.com/help/934307” target="self">Microsoft Knowledge Base article 934307</a></td></tr><tr><td><span>Update log file</span></td><td>%programfiles%\Microsoft SQL Server\120\Setup Bootstrap\LOG<TimeStamp>\MSSQLServer\Summary<MachineName><Timestamp>.txt</td></tr><tr><td><span>Special instructions</span></td><td>This update is also offered to SQL Server 2014 Service Pack 1 (SP1) instances that are clustered.<br /><br />To reduce downtime if your SQL Server 2014 SP1 cluster has a passive node, Microsoft recommends that you scan and apply the update to the inactive node first, and then scan and apply it to the active node. After all components are updated on all nodes, the update will no longer be offered.</td></tr><tr><td><span>Restart requirement</span></td><td>A restart of the SQL Server instance is required if files are in use.<br /><br />If a restart is required, the installer prompts or returns exit code 3010.</td></tr><tr><td><span>Removal information</span></td><td>Use <strong>Add or Remove Programs</strong> in Control Panel.</td></tr><tr><td><span>File information</span></td><td>For GDR update of SQL Server 2014 Service Pack 1:<br />See <a href=“https://support.microsoft.com/help/3194720” target=”_self">Microsoft Knowledge Base article 3194720</a><br /><br />For CU update of SQL Server 2014 Service Pack 1:<br />See <a href=“https://support.microsoft.com/help/3194722” target=“self">Microsoft Knowledge Base article 3194722</a></td></tr></table></div><h4>SQL Server 2014 Service Pack 2</h4><div><span>Reference table</span><br /><br />The following table contains the security update information for this software. <br /><br /><div><table><tr><td><span>Security update file names</span></td><td>For GDR update of SQL Server 2012 Service Pack 2 for 32-bit Systems:<br /><span>SQLServer2014-KB3194714-x64.exe</span></td></tr><tr><td></td><td>For GDR update of SQL Server 2012 Service Pack 2 for x64-based Systems:<br /><span>SQLServer2014-KB3194714-x64.exe</span></td></tr><tr><td></td><td>For CU update of SQL Server 2012 Service Pack 2 for 32-bit Systems:<br /><span>SQLServer2014-KB3194718-x64.exe</span></td></tr><tr><td></td><td>For CU update of SQL Server 2012 Service Pack 2 for x64-based Systems:<br /><span>SQLServer2014-KB3194718-x64.exe</span></td></tr><tr><td><span>Installation switches</span></td><td>See <a href=“https://support.microsoft.com/help/934307” target="self">Microsoft Knowledge Base article 934307</a></td></tr><tr><td><span>Update log file</span></td><td>%programfiles%\Microsoft SQL Server\120\Setup Bootstrap\LOG<TimeStamp>\MSSQLServer\Summary<MachineName><Timestamp>.txt</td></tr><tr><td><span>Special instructions</span></td><td>This update is also offered to SQL Server 2014 Service Pack 2 (SP2) instances that are clustered.<br /><br />To reduce downtime if your SQL Server 2014 SP2 cluster has a passive node, Microsoft recommends that you scan and apply the update to the inactive node first, and then scan and apply it to the active node. After all components are updated on all nodes, the update will no longer be offered.</td></tr><tr><td><span>Restart requirement</span></td><td>A restart of the SQL Server instance is required if files are in use.<br /><br />If a restart is required, the installer prompts or returns exit code 3010.</td></tr><tr><td><span>Removal information</span></td><td>Use <strong>Add or Remove Programs</strong> in Control Panel.</td></tr><tr><td><span>File information</span></td><td>For GDR update of SQL Server 2012 Service Pack 2:<br />See <a href=“https://support.microsoft.com/help/3194714” target=”_self">Microsoft Knowledge Base article 3194714</a><br /><br />For CU update of SQL Server 2012 Service Pack 2:<br />See <a href=“https://support.microsoft.com/help/3194718” target=“self">Microsoft Knowledge Base article 3194718</a></td></tr></table></div><h4>SQL Server 2016</h4><div><span>Reference table</span><br /><br />The following table contains the security update information for this software.<br /><br /><div><table><tr><td><span>Security update file names</span></td><td>For GDR update of SQL Server 2016 for 32-bit Systems:<br /><span>SQLServer2016-KB3194716-x64.exe</span></td></tr><tr><td></td><td>For GDR update of SQL Server 2016 for x64-based Systems:<br /><span>SQLServer2016-KB3194716-x64.exe</span></td></tr><tr><td></td><td>For CU update of SQL Server 2016 for 32-bit Systems:<br /><span>SQLServer2016-KB3194717-x64.exe</span></td></tr><tr><td></td><td>For CU update of SQL Server 2016 for x64-based Systems:<br /><span>SQLServer2016-KB3194717-x64.exe</span></td></tr><tr><td><span>Installation switches</span></td><td>See <a href=“https://support.microsoft.com/help/934307” target="self">Microsoft Knowledge Base article 934307</a></td></tr><tr><td><span>Update log file</span></td><td>%programfiles%\Microsoft SQL Server\130\Setup Bootstrap\LOG<TimeStamp>\MSSQLServer\Summary<MachineName><Timestamp>.txt</td></tr><tr><td><span>Special instructions</span></td><td>This update is also offered to SQL Server 2016 instances that are clustered.<br /><br />To reduce downtime if your SQL Server 2016 cluster has a passive node, Microsoft recommends that you scan and apply the update to the inactive node first, and then scan and apply it to the active node. After all components are updated on all nodes, the update will no longer be offered.</td></tr><tr><td><span>Restart requirement</span></td><td>A restart of the SQL Server instance is required if files are in use.<br /><br />If a restart is required, the installer prompts or returns exit code 3010.</td></tr><tr><td><span>Removal information</span></td><td>Use <strong>Add or Remove Programs</strong> in Control Panel.</td></tr><tr><td><span>File information</span></td><td>For GDR update of SQL Server 2016:<br />See <a href=“https://support.microsoft.com/help/3194716” target=”_self">Microsoft Knowledge Base article 3194716</a><br /><br />For CU update of SQL Server 2016:<br />See <a href=“https://support.microsoft.com/help/3194717” target=“_self”>Microsoft Knowledge Base article 3194717</a></td></tr></table></div></div><br /></div></div></div></div></div></span></div></div></div><div><div><div><span><span></span></span><span><span>How to obtain help and support for this security update</span></span></div><div><span><div>Help for installing updates: <a href=“https://support.microsoft.com/ph/6527” target=“_self”>Support for Microsoft Update</a><br /><br />Security solutions for IT professionals: <a href=“https://technet.microsoft.com/security/bb980617.aspx” target=“_self”>TechNet Security Troubleshooting and Support</a><br /><br />Help for protecting your Windows-based computer from viruses and malware: <a href=“https://support.microsoft.com/contactus/cu_sc_virsec_master” target=“_self”>Virus Solution and Security Center</a><br /><br />Local support according to your country: <a href=“https://support.microsoft.com/” target=“_self”>International Support</a></div><br /></span></div></div></div></div></body></html>
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P