Security Update for SQL Server 2016 Service Pack 1 GDR (KB4458842)

2018-08-22T17:32:44
ID MS:A861B255-2500-433C-B435-9D70A0A9BCE5
Type msupdate
Reporter Microsoft
Modified 2018-08-22T17:32:44

Description

Executing a specially crafted query involving calculating difference between values of different date types and aggregation of the results, could lead to stack corruption, if the query runs in batch mode. Depending on particular values processed by such query, this could lead to terminating the SQL Server process, or a possibility of remote code execution. More information about the vulnerability can be found here: http://support.microsoft.com/help/4458842

The original update for this security vulnerability, KB4293801 released on August 14, 2018, introduced an issue where the sqlceip.exe process experiences an unhandled exception. For this reason, the update has been replaced. If you have previously applied KB4293801, it is recommended that you install KB4458842 as soon as possible.