MS14-044: Description of the security update for SQL Server 2012 Service Pack 1 (QFE): August 12, 2014

Introduction

A security issue has been identified in Microsoft SQL Server 2012 Service Pack 1 that could allow an attacker to compromise your system and gain control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer.

Summary

Microsoft has released security bulletin MS14-044. To learn more about this security bulletin:

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update

Security solutions for IT professionals:
TechNet Security Support and Troubleshooting

Help protect your Windows-based computer from viruses and malware: Virus and Security Solution Center

Local support according to your country:
International Support

More Information

Known issues with this security update

  • On an instance of SQL Server that has transactional replication, after you install this update, an attempt to run a second instance of the log reader agent for a different publication fails and returns the following error message:
    Another logreader agent for the subscription or subscriptions is running, or the server is working on a previous request by the same agent.
    To resolve this issue, use one of the following options:
    • Option 1: Install SQL Server 2012 Service Pack 2.
    • Option 2: Install hotfix 2975402 (build 11.00.3467). To do this, click the Hotfix Download Available link at the beginning of Microsoft Knowledge Base article 2975402 , and then select the check box for the hotfix whose fix name is as follows (depending on your operating system).

      For 64-bit systems

      SQLServer2012_SP1_COD_2975402_11_0_3467_x64
      For 32-bit systems

      SQLServer2012_SP1_COD_2975402_11_0_3467_x86
    • Option 3: Install SQL Server 2012 Service Pack 1 Cumulative Update 12 when it is available.
  • In certain scenarios, SQL Server 2012 customers who are using Microsoft SQL Server Master Data Service (MDS) may be unable to obtain updates from Microsoft Updates. To work around this problem, SQL Server 2012 MDS customers can manually search for, download, and install the latest Microsoft SQL bulletin packages from Microsoft Download Center. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
    2969894 Cannot obtain updates from Microsoft Updates in a server that has SQL Server 2012 MDS installed

Removal information

ScenarioHow to remove the security update
The SQL Server engine is installed without SQL Server Master Data Services (MDS) on the same computer.You can remove this software update by using the Add or Remove Programs item in Control Panel. You do not have to remove the SQL Server engine.
The SQL Server engine is installed together with MDS on the same computer.
  • You can remove this software update for the SQL Server engine by using the Add or Remove Programs item in Control Panel. You do not have to remove the SQL Server engine.
  • To remove this software update for MDS, follow these steps:
    1. Back up the MDS database.
    2. Remove the MDS component.
    3. Reinstall the MDS component.
    4. Apply any necessary SQL Server service packs or service updates to bring MDS to its pre-security update version.
MDS is installed on a computer that does not have the SQL Server engine installed.
  1. Back up the MDS database.
  2. Remove the MDS component.
  3. Reinstall the MDS component.
  4. Apply any necessary SQL Server service packs or service updates to bring MDS to its pre-security update version.

FILE INFORMATION

The English (United States) version of this security update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
x86-based versions
x64-based versions