CVE-2016-7253
First published: Thu Nov 10 2016(Updated: )
The agent in Microsoft SQL Server 2012 SP2, 2012 SP3, 2014 SP1, 2014 SP2, and 2016 does not properly check the atxcore.dll ACL, which allows remote authenticated users to gain privileges via unspecified vectors, aka "SQL Server Agent Elevation of Privilege Vulnerability."
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft SQL Server | =2012-sp2 | |
| Microsoft SQL Server | =2012-sp3 | |
| Microsoft SQL Server | =2014-sp1 | |
| Microsoft SQL Server | =2014-sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/references
- agent/description
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/microsoft
- canonical/microsoft sql server
- version/microsoft sql server/2012-sp2
- version/microsoft sql server/2012-sp3
- version/microsoft sql server/2014-sp1
- version/microsoft sql server/2014-sp2