Freigeben über


MS15-058 SQL Server Security Bulletin Released

A security bulletin for SQL Server has been released on 7/14/2015. This applies to SQL Server 2008, 2008 R2, 2012, and 2014 releases. Please see the bulletin and KB links below for details on the fixes and how to download.

Bulletin #

KB

Title

Severity

Impact

MS15-058

3065718

Vulnerabilities in SQL Server Could Allow Remote Code Execution

Important

Remote Code Execution

 

You can find the individual KB articles for each release in the table below.

The General Distribution Release (GDR) and Quick Fix Engineering (QFE) designations correspond to the two different update servicing branches in place for SQL Server. The primary difference between the two is that QFE branches cumulatively include all updates while GDR branches include only security updates for a given baseline. A baseline can be the initial RTM release or a Service Pack.

For any given baseline, either the GDR or QFE branch updates are options if you are at the baseline or have installed a previous GDR update for that baseline. The QFE branch is the only option if you have installed a previous QFE for the baseline you are on.

KB #

Title

Apply If Current Product Version Is…

This Security Update also includes servicing releases up through…

3045305

MS15-058: Description of the security update for SQL Server 2008 Service Pack 3 GDR: July 14, 2015

10.00.5500.00 or 10.00.5520.00

2008 SP3 GDR (MS14-044)

3045303

MS15-058: Description of the security update for SQL Server 2008 Service Pack 3 QFE: July 14, 2015

10.00.5500.00 - 10.00.5869.00

2008 SP3 CU17

3045311

MS15-058: Description of the security update for SQL Server 2008 Service Pack 4 GDR: July 14, 2015

10.0.6000.29

2008 SP4

3045308

MS15-058: Description of the security update for SQL Server 2008 Service Pack 4 QFE: July 14, 2015

10.0.6000.29 - 10.0.6526.0

2008 SP4

3045313

MS15-058: Description of the security update for SQL Server 2008 R2 Service Pack 2 GDR: July 14, 2015

10.50.4000.0 or 10.50.4033.0

2008 R2 SP2 GDR (MS14-044)

3045312

MS15-058: Description of the security update for SQL Server 2008 R2 Service Pack 2 QFE: July 14, 2015

10.50.4000.0 - 10.50.4331.0

2008 R2 SP2 CU13

3045316

MS15-058: Description of the security update for SQL Server 2008 R2 Service Pack 3 GDR: July 14, 2015

10.50.6000.34

2008 R2 SP3

3045314

MS15-058: Description of the security update for SQL Server 2008 R2 Service Pack 3 QFE: July 14, 2015

10.50.6000.34 - 10.50.6525.0

2008 R2 SP3

3045318

MS15-058: Description of the security update for SQL Server 2012 SP1 GDR: July 14, 2015

11.0.3000.0 or 11.0.3153.0

2012 SP1 GDR (MS14-044)

3045317

MS15-058: Description of the security update for SQL Server 2012 SP1 QFE: July 14, 2015

11.0.3000.0 - 11.0.3492.0

2012 SP1 CU16

3045321

MS15-058: Description of the security update for SQL Server 2012 Service Pack 2 GDR: July 14, 2015

11.0.5058.0

2012 SP2

3045319

MS15-058: Description of the security update for SQL Server 2012 Service Pack 2 QFE: July 14, 2015

11.0.5058.0 - 11.0.5592.0

2012 SP2 CU6

3045324

MS15-058: Description of the security update for SQL Server 2014 GDR: July 14, 2015

12.0.2000.8 or 12.0.2254.0

2014 RTM GDR (MS14-044)

3045323

MS15-058: Description of the security update for SQL Server 2014 QFE: July 14, 2015

12.0.2000.8 - 12.0.2546.0

2014 RTM CU8

3070446

MS15-058: Description of the non-security update for SQL Server 2014 Service Pack 1 GDR: July 14, 2015

12.0.4100.1

2014 SP1

Comments

  • Anonymous
    July 14, 2015
    Do any of these issues affect the Express Server editions of SQL Server?  I looked at a few of the advisories and none of them call out an Express Server edition, but some of the issues appear to be generic enough that they should affect Express Server editions.

  • Anonymous
    July 15, 2015
    Correct, the release applies to Express edition as well.

  • Anonymous
    July 15, 2015
    Can we expect this fix in the next set of CU's for SQL2012? Thanks Chris

  • Anonymous
    July 16, 2015
    Yes. CUs released after 7/14/2015 will have these fixes.

  • Anonymous
    July 19, 2015
    How can i check if the patch is installed? The SQL Version number isn't modified in any way.

  • Anonymous
    July 20, 2015
    SQL Express download is still dated October 2014. Will that be updated and when or we run MS15-058 against Express installs directly ?

  • Anonymous
    July 20, 2015
    Maikel, when you install the patch, the version number will change. You can see what the new version should be in the KB article under File Information. If you are seeing an issue, please let us know. WhatAboutExpress, you can apply the patch to express installs directly. Again, please let us know if you see any issues.

  • Anonymous
    July 29, 2015
    The comment has been removed

  • Anonymous
    August 05, 2015
    We are upgrading one of our environments from SP2 to SP3 which has already received the MS15-058 security patch. Will we need to apply the patch again after upgrading?

  • Anonymous
    August 05, 2015
    No patch for 2005, but no note about not applicable to it either. Aren't products on Extended support still covered by Security patches ?

  • Anonymous
    August 24, 2015
    Do any of these issues affect the Windows Internal Database?

  • Anonymous
    November 05, 2015
    After installing this SQL Server 2008 R2 Service Pack 3 + MS15-058 .,let me know the process of after applying what health checks we can perform.