locked
Unable to patch CVE-2016-xxx - SQL RRS feed

  • Question

  • Hello, 

    I've been trying to patch CVE-2016-7250 - MS16-136 - Microsoft - SQL  and CVE-2016-7253 - MS16-136 - Microsoft - SQL on one of our SQL servers with no success. 

    Here are some details on the server, SQL Server 2014 (SP2)

    It's on the latest version with the latest cumulative update 13 for SQL Server 2014 SP2 - KB4456287 which should patch this vulnerability, but when i run a pen-test both of these vulnerabilities keep pooping up. Has anyone encountered this? 

    Friday, September 7, 2018 1:12 PM

Answers

  • The screenshot says 12.2.5000. That sounds like SP2 without any CU.

    Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se

    • Proposed as answer by Teige Gao Monday, September 10, 2018 6:27 AM
    • Marked as answer by jaycastillo1 Wednesday, September 19, 2018 3:29 PM
    Friday, September 7, 2018 9:53 PM

All replies

  • The screenshot says 12.2.5000. That sounds like SP2 without any CU.

    Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se

    • Proposed as answer by Teige Gao Monday, September 10, 2018 6:27 AM
    • Marked as answer by jaycastillo1 Wednesday, September 19, 2018 3:29 PM
    Friday, September 7, 2018 9:53 PM
  • Hi jaycastillo1,

    >>I've been trying to patch CVE-2016-7250 - MS16-136 - Microsoft - SQL  and CVE-2016-7253 - MS16-136 - Microsoft - SQL on one of our SQL servers with no success. 

    Could you please tell us what error message did you meet when you install them?

    >>It's on the latest version with the latest cumulative update 13 for SQL Server 2014 SP2 - KB4456287 which should patch this vulnerability

    CU13 for SP2 should contains the CVE-2016-7250 - MS16-136 and CVE-2016-7253 - MS16-136, but based on your above image, your SQL Server version is 12.2.5000 which means SP2. Could you please share the result of the "select @@version"?

    Best Regards,

    Teige


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Monday, September 10, 2018 7:18 AM
  • Hello Everyone and thanks for your prompt answers.

    Here's some screenshots of the error received when we try to apply CU1 and CU13.

    Cumulative Update 1 (KB3178925)

    Cumulative Update 13 (Latest KB4456287 )

    Tuesday, September 11, 2018 2:18 PM
  • Hi,

    Could you please share the screenshot again? I can't see the screenshot.

    Best Regards,

    Teige


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Friday, September 14, 2018 2:35 AM
  • Friday, September 14, 2018 11:34 AM
  • Issue has been resolved.

    Wednesday, September 19, 2018 3:29 PM