Revision Date: | 2016-12-30 | Version: | 7 |
Title: | SQL RDBMS Engine EoP vulnerability - CVE-2016-7249 (MS16-136) |
Description: | Microsoft SQL Server 2016 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL RDBMS Engine Elevation of Privilege Vulnerability." |
Family: | windows | Class: | vulnerability |
Status: | ACCEPTED | Reference(s): | CVE-2016-7214 CVE-2016-7249
|
Platform(s): | Microsoft Windows 10 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016
| Product(s): | Microsoft SQL Server 2016
|
Definition Synopsis |
Microsoft SQL Server 2016 x64 is installed AND Check for vulnerable range
Check if the version of Microsoft.sqlserver.chainer.infrastructure.dll is less than 13.0.1722 and greater than 13.0.0
OR Cumulative Update 3
Check if the version of Microsoft.sqlserver.chainer.infrastructure.dll is less than 13.0.2185.3
AND Check if the version of Microsoft.sqlserver.chainer.infrastructure.dll is greater than or equal to 13.0.2100
|