Oval Definition:oval:org.cisecurity:def:1491
Revision Date:2016-12-30
Version:7
Title:SQL RDBMS Engine EoP vulnerability - CVE-2016-7249 (MS16-136)
Description:Microsoft SQL Server 2016 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL RDBMS Engine Elevation of Privilege Vulnerability."
Family:windows
Class:vulnerability
Status:ACCEPTED
Reference(s):CVE-2016-7214
CVE-2016-7249
Platform(s):Microsoft Windows 10
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016
Product(s):Microsoft SQL Server 2016
Definition Synopsis
  • Microsoft SQL Server 2016 x64 is installed
  • AND Check for vulnerable range
  • Check if the version of Microsoft.sqlserver.chainer.infrastructure.dll is less than 13.0.1722 and greater than 13.0.0
  • OR Cumulative Update 3
  • Check if the version of Microsoft.sqlserver.chainer.infrastructure.dll is less than 13.0.2185.3
  • AND Check if the version of Microsoft.sqlserver.chainer.infrastructure.dll is greater than or equal to 13.0.2100