MS15-058 - Vulnerabilities in SQL Server Could Allow Remote Code Execution

Bulletin ID: 

MS15-058

Severity: 

Important

Description: 

Severity Rating: Important
Revision Note: V1.2 (December 9, 2015): Bulletin revised to clarify the product version guidance in the Update FAQ section by aligning it with the guidance provided in earlier releases. This is an informational change only. Customers who have already successfully installed the update do not need to take any action.
Summary: This security update resolves vulnerabilities in Microsoft SQL Server. The most severe vulnerabilities could allow remote code execution if an authenticated attacker runs a specially crafted query that is designed to execute a virtual function from a wrong address, leading to a function call to uninitialized memory. To exploit this vulnerability an attacker would need permissions to create or modify a database.

Security advisory: 

Related content