Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
symantecSymantec Security ResponseSMNTC-75619
HistoryJul 14, 2015 - 12:00 a.m.

Microsoft SQL Server CVE-2015-1761 Privilege Escalation Vulnerability

2015-07-1400:00:00
Symantec Security Response
www.symantec.com
34

EPSS

0.014

Percentile

86.4%

JSON

Description

Microsoft SQL Server is prone to a privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges.

Technologies Affected

  • Avaya Meeting Exchange - Client Registration Server 5.0
  • Avaya Meeting Exchange - Client Registration Server 5.0.1
  • Avaya Meeting Exchange - Client Registration Server 5.2
  • Avaya Meeting Exchange - Client Registration Server 5.2.1
  • Avaya Meeting Exchange - Client Registration Server 6.0
  • Avaya Meeting Exchange - Client Registration Server 6.2
  • Avaya Meeting Exchange - Recording Server 5.0
  • Avaya Meeting Exchange - Recording Server 5.0.1
  • Avaya Meeting Exchange - Recording Server 5.2
  • Avaya Meeting Exchange - Recording Server 5.2.1
  • Avaya Meeting Exchange - Recording Server 6.0
  • Avaya Meeting Exchange - Recording Server 6.2
  • Avaya Meeting Exchange - Recording Server
  • Avaya Meeting Exchange - Streaming Server 5.0
  • Avaya Meeting Exchange - Streaming Server 5.0.1
  • Avaya Meeting Exchange - Streaming Server 5.2
  • Avaya Meeting Exchange - Streaming Server 5.2.1
  • Avaya Meeting Exchange - Streaming Server 6.2
  • Avaya Meeting Exchange - Web Conferencing Server 5.0
  • Avaya Meeting Exchange - Web Conferencing Server 5.0.1
  • Avaya Meeting Exchange - Web Conferencing Server 5.2
  • Avaya Meeting Exchange - Web Conferencing Server 5.2.1
  • Avaya Meeting Exchange - Web Conferencing Server 6.2
  • Avaya Meeting Exchange - Webportal 5.0
  • Avaya Meeting Exchange - Webportal 5.0.1
  • Avaya Meeting Exchange - Webportal 5.2
  • Avaya Meeting Exchange - Webportal 5.2.1
  • Avaya Meeting Exchange - Webportal 6.2
  • HP Intelligent Management Center (IMC) 5.0
  • HP Intelligent Management Center (IMC) 5.0_E0101
  • HP Intelligent Management Center (IMC) 5.0_E0101L01
  • HP Intelligent Management Center (IMC) 5.0_E0101L02
  • HP Intelligent Management Center (IMC) 5.0_E0101P05
  • HP Intelligent Management Center (IMC) 5.1 E0202
  • HP Intelligent Management Center (IMC) 5.1_E0101P01
  • HP Intelligent Management Center (IMC) 5.2
  • HP Intelligent Management Center (IMC) 5.2 E0401
  • HP Intelligent Management Center (IMC) 5.2 E401
  • HP Intelligent Management Center (IMC) 7.0
  • HP Intelligent Management Center (IMC) 7.0 E0102
  • HP Intelligent Management Center (IMC) 7.2 E0403P06
  • Microsoft SQL Server 2008 32bit SP3
  • Microsoft SQL Server 2008 R2 for 32-bit Systems Service Pack 2
  • Microsoft SQL Server 2008 R2 for 32-bit Systems Service Pack 3
  • Microsoft SQL Server 2008 R2 for Itanium-based Systems Service Pack 2
  • Microsoft SQL Server 2008 R2 for x64-based Systems Service Pack 2
  • Microsoft SQL Server 2008 R2 for x64-based Systems Service Pack 3
  • Microsoft SQL Server 2008 for 32-bit Systems Service Pack 4
  • Microsoft SQL Server 2008 for x64-based Systems Service Pack 4
  • Microsoft SQL Server 2008 itanium SP3
  • Microsoft SQL Server 2008 x64 SP3
  • Microsoft SQL Server 2012 for 32-bit Systems Service Pack 1
  • Microsoft SQL Server 2012 for 32-bit Systems Service Pack 2
  • Microsoft SQL Server 2012 for x64-based Systems Service Pack 1
  • Microsoft SQL Server 2012 for x64-based Systems Service Pack 2
  • Microsoft SQL Server 2014 for 32-bit Systems
  • Microsoft SQL Server 2014 for x64-based Systems

Recommendations

Run all software as a nonprivileged user with minimal access rights.
To reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.

Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits

Implement multiple redundant layers of security.
Memory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.

Updates are available. Please see the references or vendor advisory for more information.

Related

cve 1
nvd 1
cvelist 1
prion 1
nessus 9
mskb 1
openvas 1
cve
cve
CVE-2015-1761
2015-07-14 23:59:00
nvd
nvd
CVE-2015-1761
2015-07-14 23:59:00
cvelist
cvelist
CVE-2015-1761
2015-07-14 23:00:00
prion
prion
Privilege escalation
2015-07-14 23:59:00
nessus
nessus
Microsoft SQL Server 2008 SP4 10.0.6500.0 through 10.0.6526.0 Multiple Vulnerabilities (3045308)
2016-12-12 00:00:00
MS15-058: Vulnerabilities in SQL Server Could Allow Remote Code Execution (3065718) (uncredentialed check)
2015-07-14 00:00:00
Microsoft SQL Server 2014 12.0.2254.0 through 12.0.2546.0 Multiple Vulnerabilities (3045324)
2016-12-12 00:00:00
mskb
mskb
MS15-058: Vulnerabilities in SQL Server could allow remote code execution: July 14, 2015
2015-07-14 00:00:00
openvas
openvas
Microsoft SQL Server Multiple Vulnerabilities (MS15-058)
2015-07-15 00:00:00

EPSS

0.014

Percentile

86.4%

JSON
Related for SMNTC-75619
cve1nvd1cvelist1prion1nessus9mskb1openvas1