MS15-058: Vulnerabilities in SQL Server could allow remote code execution

  • timlenz (7/16/2015)

    HEY ALL!

    Be aware that this patch is considered a HIGH SECURITY RISK and because of that Microsoft has the ability to install and restart your SQL Server (or your Windows Server) without your permission and knowledge under certain conditions.

    According to our IT department all downloads and installed patches go through a group policy and automation program. Why do I care? Our production server was taken off line yesterday when the download tried to install and failed because it had other patches waiting to be installed that required a reboot and reboots only happen on weekend maintenance windows. SO it restarted SQL all by its self at 3 pm in the afternoon! to finish this patch to SQL Server.

    Just a heads up - let your IT department know this is totally NOT acceptable. :w00t:

    Tim "the Trollman"


    Thanks for the warning. Good to know.

  • Interesting comments. I loaded this on a home test SQL2012 SP2 (no CUs) yesterday, and had no outage / reboot from it. I loaded it on a Prod (currently unused) SQL 2012 SP2 (no CUs) at work, and I believe it either bounced SQL (need to check now,) or at least closed all network connections...

    Thankfully our server admins DON'T push updates to the servers, it's up to me to go in and install and reboot as needed (which is why prod gets done Saturday mornings...)

  • Applied it to a few Non Prod Environments over the weekend. Testing will be going on this week. Patch applied without incident.

  • We've now updated. Again, thanks for the alert on this.

  • We have applied it to almost all NonProd and a couple Prod environments without issue so far.

Viewing 5 posts - 16 through 19 (of 19 total)

You must be logged in to reply to this topic. Login to reply