Lucene search

K
mskbMicrosoftKB3199641
HistoryNov 08, 2016 - 12:00 a.m.

MS16-136: Security update for SQL Server: November 8, 2016

2016-11-0800:00:00
Microsoft
support.microsoft.com
51

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

<html><body><p>Resolves vulnerabilities in Microsoft SQL Server that could allow an attacker to gain elevated privileges that might be used to create accounts, or view, change, or delete data.</p><h2>Summary</h2><div>This update resolves vulnerabilities in Microsoft SQL Server. The most severe vulnerabilities could allow an attacker to gain elevated privileges that might be used to create accounts, or view, change, or delete data. To learn more about these vulnerabilities, see <a href=“https://technet.microsoft.com/library/security/ms16-136” target=“self">Microsoft Security Bulletin MS16-136</a>.<br /><br /><br /><span></span></div><h2></h2><div><h3>Additional information about this security update</h3>The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed below each article link.<ul><li><a href=“https://support.microsoft.com/en-us/help/3194716”>3194716 </a> MS16-136: Description of the security update for SQL Server 2016 GDR: November 8, 2016</li><li><a href=“https://support.microsoft.com/en-us/help/3194717”>3194717 </a> MS16-136: Description of the security update for SQL Server 2016 CU: November 8, 2016</li><li><a href=“https://support.microsoft.com/en-us/help/3194714”>3194714 </a> MS16-136: Description of the security update for SQL Server 2014 Service Pack 2 GDR: November 8, 2016</li><li><a href=“https://support.microsoft.com/en-us/help/3194718”>3194718 </a> MS16-136: Description of the security update for SQL Server 2014 Service Pack 2 CU: November 8, 2016</li><li><a href=“https://support.microsoft.com/en-us/help/3194720”>3194720 </a> MS16-136: Description of the security update for SQL Server 2014 Service Pack 1 GDR: November 8, 2016</li><li><a href=“https://support.microsoft.com/en-us/help/3194722”>3194722 </a> MS16-136: Description of the security update for SQL Server 2014 Service Pack 1 CU: November 8, 2016</li><li><a href=“https://support.microsoft.com/en-us/help/3194721”>3194721 </a> MS16-136: Description of the security update for SQL Server 2012 Service Pack 3 GDR: November 8, 2016</li><li><a href=“https://support.microsoft.com/en-us/help/3194724”>3194724 </a> MS16-136: Description of the security update for SQL Server 2012 Service Pack 3 CU: November 8, 2016</li><li><a href=“https://support.microsoft.com/en-us/help/3194719”>3194719 </a> MS16-136: Description of the security update for SQL Server 2012 Service Pack 2 GDR: November 8, 2016</li><li><a href=“https://support.microsoft.com/en-us/help/3194725”>3194725 </a> MS16-136: Description of the security update for SQL Server 2012 Service Pack 2 CU: November 8, 2016</li></ul></div><h2></h2><div><div><div><div><span><span></span></span><span><span>Security update deployment information</span></span></div><div><span><div><h4>SQL Server 2012 Service Pack 2</h4><div><span>Reference table</span><br /><br />The following table contains the security update information for this software. <br /><br /><div><table><tr><td><span>Security update file names</span></td><td>For GDR update of SQL Server 2012 Service Pack 2 for 32-bit Systems:<br /><span>SQLServer2012-KB3194719-x86.exe</span></td></tr><tr><td></td><td>For GDR update of SQL Server 2012 Service Pack 2 for x64-based Systems:<br /><span>SQLServer2012-KB3194719-x64.exe</span></td></tr><tr><td></td><td>For CU update of SQL Server 2012 Service Pack 2 for 32-bit Systems:<br /><span>SQLServer2012-KB</span><span>3194725-x86.exe</span></td></tr><tr><td></td><td>For CU update of SQL Server 2012 Service Pack 2 for x64-based Systems:<br /><span>SQLServer2012-KB</span><span>3194725-x64.exe</span></td></tr><tr><td><span>Installation switches</span></td><td>See <a href=“https://support.microsoft.com/help/934307” target="self">Microsoft Knowledge Base article 934307</a></td></tr><tr><td><span>Update log file</span></td><td>%programfiles%\Microsoft SQL Server\110\Setup Bootstrap\LOG&lt;TimeStamp>\MSSQLServer\Summary<MachineName><Timestamp>.txt</td></tr><tr><td><span>Special instructions</span></td><td>This update is also offered to SQL Server 2012 Service Pack 2 (SP2) instances that are clustered.<br /><br />To reduce downtime if your SQL Server 2012 SP2 cluster has a passive node, Microsoft recommends that you scan and apply the update to the inactive node first, and then scan and apply it to the active node. After all components are updated on all nodes, the update will no longer be offered.</td></tr><tr><td><span>Restart requirement</span></td><td>A restart of the SQL Server instance is required if files are in use.<br /><br />If a restart is required, the installer prompts or returns exit code 3010.</td></tr><tr><td><span>Removal information</span></td><td>Use <strong>Add or Remove Programs</strong> in Control Panel.</td></tr><tr><td><span>File information</span></td><td>For GDR update of SQL Server 2012 Service Pack 2:<br />See <a href=“https://support.microsoft.com/help/3194719” target=”_self">Microsoft Knowledge Base article 3194719</a><br /><br />For CU update of SQL Server 2012 Service Pack 2:<br />See <a href=“https://support.microsoft.com/help/3194725” target=“self">Microsoft Knowledge Base Article 3194725</a></td></tr></table></div><h4>SQL Server 2012 Service Pack 3</h4><div><span>Reference table</span><br /><br />The following table contains the security update information for this software. <br /><br /><div><table><tr><td><span>Security update file names</span></td><td>For GDR update of SQL Server 2012 Service Pack 3 for 32-bit Systems:<br /><span>SQLServer2012-KB3194721-x86.exe</span></td></tr><tr><td></td><td>For GDR update of SQL Server 2012 Service Pack 3 for x64-based Systems:<br /><span>SQLServer2012-KB3194721-x64.exe</span></td></tr><tr><td></td><td>For CU update of SQL Server 2012 Service Pack 3 for 32-bit Systems:<br /><span>SQLServer2012-KB</span><span>3194724-x86.exe</span></td></tr><tr><td></td><td>For CU update of SQL Server 2012 Service Pack 3 for x64-based Systems:<br /><span>SQLServer2012-KB</span><span>3194724-x64.exe</span></td></tr><tr><td><span>Installation switches</span></td><td>See <a href=“https://support.microsoft.com/help/934307” target="self">Microsoft Knowledge Base article 934307</a></td></tr><tr><td><span>Update log file</span></td><td>%programfiles%\Microsoft SQL Server\110\Setup Bootstrap\LOG&lt;TimeStamp>\MSSQLServer\Summary<MachineName><Timestamp>.txt</td></tr><tr><td><span>Special instructions</span></td><td>This update is also offered to SQL Server 2012 Service Pack 3 (SP3) instances that are clustered.<br /><br />To reduce downtime if your SQL Server 2012 SP3 cluster has a passive node, Microsoft recommends that you scan and apply the update to the inactive node first, and then scan and apply it to the active node. After all components are updated on all nodes, the update will no longer be offered.</td></tr><tr><td><span>Restart requirement</span></td><td>A restart of the SQL Server instance is required if files are in use.<br /><br />If a restart is required, the installer prompts or returns exit code 3010.</td></tr><tr><td><span>Removal information</span></td><td>Use <strong>Add or Remove Programs</strong> in Control Panel.</td></tr><tr><td><span>File information</span></td><td>For GDR update of SQL Server 2012 Service Pack 3:<br />See <a href=“https://support.microsoft.com/help/3194721” target=”_self">Microsoft Knowledge Base article 3194721</a><br /><br />For CU update of SQL Server 2012 Service Pack 3:<br />See <a href=“https://support.microsoft.com/help/3194724” target=“self">Microsoft Knowledge Base article 3194724</a></td></tr></table></div><h4>SQL Server 2014 Service Pack 1</h4><div><span>Reference table</span><br /><br />The following table contains the security update information for this software. <br /><br /><div><table><tr><td><span>Security update file names</span></td><td>For GDR update of SQL Server 2012 Service Pack 1 for 32-bit Systems:<br /><span>SQLServer2014-KB3194720-x64.exe</span></td></tr><tr><td></td><td>For GDR update of SQL Server 2012 Service Pack 1 for x64-based Systems:<br /><span>SQLServer2014-KB3194720-x64.exe</span></td></tr><tr><td></td><td>For CU update of SQL Server 2012 Service Pack 1 for 32-bit Systems:<br /><span>SQLServer2014-KB3194722-x64.exe</span></td></tr><tr><td></td><td>For CU update of SQL Server 2012 Service Pack 1 for x64-based Systems:<br /><span>SQLServer2014-KB3194722-x64.exe</span></td></tr><tr><td><span>Installation switches</span></td><td>See <a href=“https://support.microsoft.com/help/934307” target="self">Microsoft Knowledge Base article 934307</a></td></tr><tr><td><span>Update log file</span></td><td>%programfiles%\Microsoft SQL Server\120\Setup Bootstrap\LOG&lt;TimeStamp>\MSSQLServer\Summary<MachineName><Timestamp>.txt</td></tr><tr><td><span>Special instructions</span></td><td>This update is also offered to SQL Server 2014 Service Pack 1 (SP1) instances that are clustered.<br /><br />To reduce downtime if your SQL Server 2014 SP1 cluster has a passive node, Microsoft recommends that you scan and apply the update to the inactive node first, and then scan and apply it to the active node. After all components are updated on all nodes, the update will no longer be offered.</td></tr><tr><td><span>Restart requirement</span></td><td>A restart of the SQL Server instance is required if files are in use.<br /><br />If a restart is required, the installer prompts or returns exit code 3010.</td></tr><tr><td><span>Removal information</span></td><td>Use <strong>Add or Remove Programs</strong> in Control Panel.</td></tr><tr><td><span>File information</span></td><td>For GDR update of SQL Server 2014 Service Pack 1:<br />See <a href=“https://support.microsoft.com/help/3194720” target=”_self">Microsoft Knowledge Base article 3194720</a><br /><br />For CU update of SQL Server 2014 Service Pack 1:<br />See <a href=“https://support.microsoft.com/help/3194722” target=“self">Microsoft Knowledge Base article 3194722</a></td></tr></table></div><h4>SQL Server 2014 Service Pack 2</h4><div><span>Reference table</span><br /><br />The following table contains the security update information for this software. <br /><br /><div><table><tr><td><span>Security update file names</span></td><td>For GDR update of SQL Server 2012 Service Pack 2 for 32-bit Systems:<br /><span>SQLServer2014-KB3194714-x64.exe</span></td></tr><tr><td></td><td>For GDR update of SQL Server 2012 Service Pack 2 for x64-based Systems:<br /><span>SQLServer2014-KB3194714-x64.exe</span></td></tr><tr><td></td><td>For CU update of SQL Server 2012 Service Pack 2 for 32-bit Systems:<br /><span>SQLServer2014-KB3194718-x64.exe</span></td></tr><tr><td></td><td>For CU update of SQL Server 2012 Service Pack 2 for x64-based Systems:<br /><span>SQLServer2014-KB3194718-x64.exe</span></td></tr><tr><td><span>Installation switches</span></td><td>See <a href=“https://support.microsoft.com/help/934307” target="self">Microsoft Knowledge Base article 934307</a></td></tr><tr><td><span>Update log file</span></td><td>%programfiles%\Microsoft SQL Server\120\Setup Bootstrap\LOG&lt;TimeStamp>\MSSQLServer\Summary<MachineName><Timestamp>.txt</td></tr><tr><td><span>Special instructions</span></td><td>This update is also offered to SQL Server 2014 Service Pack 2 (SP2) instances that are clustered.<br /><br />To reduce downtime if your SQL Server 2014 SP2 cluster has a passive node, Microsoft recommends that you scan and apply the update to the inactive node first, and then scan and apply it to the active node. After all components are updated on all nodes, the update will no longer be offered.</td></tr><tr><td><span>Restart requirement</span></td><td>A restart of the SQL Server instance is required if files are in use.<br /><br />If a restart is required, the installer prompts or returns exit code 3010.</td></tr><tr><td><span>Removal information</span></td><td>Use <strong>Add or Remove Programs</strong> in Control Panel.</td></tr><tr><td><span>File information</span></td><td>For GDR update of SQL Server 2012 Service Pack 2:<br />See <a href=“https://support.microsoft.com/help/3194714” target=”_self">Microsoft Knowledge Base article 3194714</a><br /><br />For CU update of SQL Server 2012 Service Pack 2:<br />See <a href=“https://support.microsoft.com/help/3194718” target=“self">Microsoft Knowledge Base article 3194718</a></td></tr></table></div><h4>SQL Server 2016</h4><div><span>Reference table</span><br /><br />The following table contains the security update information for this software.<br /><br /><div><table><tr><td><span>Security update file names</span></td><td>For GDR update of SQL Server 2016 for 32-bit Systems:<br /><span>SQLServer2016-KB3194716-x64.exe</span></td></tr><tr><td></td><td>For GDR update of SQL Server 2016 for x64-based Systems:<br /><span>SQLServer2016-KB3194716-x64.exe</span></td></tr><tr><td></td><td>For CU update of SQL Server 2016 for 32-bit Systems:<br /><span>SQLServer2016-KB3194717-x64.exe</span></td></tr><tr><td></td><td>For CU update of SQL Server 2016 for x64-based Systems:<br /><span>SQLServer2016-KB3194717-x64.exe</span></td></tr><tr><td><span>Installation switches</span></td><td>See <a href=“https://support.microsoft.com/help/934307” target="self">Microsoft Knowledge Base article 934307</a></td></tr><tr><td><span>Update log file</span></td><td>%programfiles%\Microsoft SQL Server\130\Setup Bootstrap\LOG&lt;TimeStamp>\MSSQLServer\Summary<MachineName><Timestamp>.txt</td></tr><tr><td><span>Special instructions</span></td><td>This update is also offered to SQL Server 2016 instances that are clustered.<br /><br />To reduce downtime if your SQL Server 2016 cluster has a passive node, Microsoft recommends that you scan and apply the update to the inactive node first, and then scan and apply it to the active node. After all components are updated on all nodes, the update will no longer be offered.</td></tr><tr><td><span>Restart requirement</span></td><td>A restart of the SQL Server instance is required if files are in use.<br /><br />If a restart is required, the installer prompts or returns exit code 3010.</td></tr><tr><td><span>Removal information</span></td><td>Use <strong>Add or Remove Programs</strong> in Control Panel.</td></tr><tr><td><span>File information</span></td><td>For GDR update of SQL Server 2016:<br />See <a href=“https://support.microsoft.com/help/3194716” target=”_self">Microsoft Knowledge Base article 3194716</a><br /><br />For CU update of SQL Server 2016:<br />See <a href=“https://support.microsoft.com/help/3194717” target=“_self”>Microsoft Knowledge Base article 3194717</a></td></tr></table></div></div><br /></div></div></div></div></div></span></div></div></div><div><div><div><span><span></span></span><span><span>How to obtain help and support for this security update</span></span></div><div><span><div>Help for installing updates: <a href=“https://support.microsoft.com/ph/6527” target=“_self”>Support for Microsoft Update</a><br /><br />Security solutions for IT professionals: <a href=“https://technet.microsoft.com/security/bb980617.aspx” target=“_self”>TechNet Security Troubleshooting and Support</a><br /><br />Help for protecting your Windows-based computer from viruses and malware: <a href=“https://support.microsoft.com/contactus/cu_sc_virsec_master” target=“_self”>Virus Solution and Security Center</a><br /><br />Local support according to your country: <a href=“https://support.microsoft.com/” target=“_self”>International Support</a></div><br /></span></div></div></div></div></body></html>

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P