MS14-044: Vulnerabilities in SQL Server could allow elevation of privilege: August 12, 2014

Applies to: SQL Server 2014 DeveloperSQL Server 2014 DeveloperSQL Server 2014 Enterprise More

INTRODUCTION


Microsoft has released security bulletin MS14-044. To learn more about this security bulletin:

How to obtain help and support for this security update

Help installing updates:
Support for Microsoft Update

Security solutions for IT professionals:
TechNet Security Troubleshooting and Support

Help protect your Windows-based computer Windows from viruses and malware:
Virus Solution and Security Center

Local support according to your country:
International Support

More Information


Known issues and more information about this security update

The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed under each article link.
  • 2977316 MS14-044: Description of the security update for SQL Server 2014 (QFE): August 12, 2014
  • 2977315 MS14-044: Description of the security update for SQL Server 2014 (GDR): August 12, 2014
    Known issues in security update 2977315:
    • If you install Cumulative Update 1 (CU1) or CU2 for Microsoft SQL Server 2014 after you install this security update, the update for Master Data Services will be removed, and Master Data Services will be vulnerable again. To resolve that issue, you must reinstall the QFE package from this article (security update 2977315) or any cumulative update build whose version number is larger than 12.0.2381.0. 
  • 2977325 MS14-044: Description of the security update for SQL Server 2012 Service Pack 1 (QFE): August 12, 2014
    Known issues in security update 2977325:
    • In certain scenarios, SQL Server 2012 customers who are using Microsoft SQL Server Master Data Service (MDS) may be unable to obtain updates from Microsoft Update. To work around this problem, SQL Server 2012 MDS customers can manually search for, download, and install the latest Microsoft SQL bulletin packages from the Microsoft Download Center. For more information, click the following article number to view the article in the Microsoft Knowledge Base: 
      2969894  Cannot obtain updates from Microsoft Update on a server that has SQL Server 2012 MDS installed  
  • 2977326 MS14-044: Description of the security update for SQL Server 2012 Service Pack 1 (GDR): August 12, 2014
    Known issues in security update 2977326: 
    • In certain scenarios, SQL Server 2012 customers who are using Microsoft SQL Server Master Data Service (MDS) may be unable to obtain updates from Microsoft Update. To work around this problem, SQL Server 2012 MDS customers can manually search for, download, and install the latest Microsoft SQL bulletin packages from the Microsoft Download Center. For more information, click the following article number to view the article in the Microsoft Knowledge Base: 
      2969894  Cannot obtain updates from Microsoft Update in a server that has SQL Server 2012 MDS installed  
    • After you install this security update, SQL Server is updated to version 11.0.3153.0. If you have the Analysis Services and Tools components installed, these components are updated to version 11.0.3130.0. This version number is associated with update 2793634. This is true even though update 2793634 is listed as version 11.0.3128.0. All SQL Server servicing releases between baselines (for example, RTM baselines, service packs, and so on) are cumulative.
  • 2977321 MS14-044: Description of the security update for SQL Server 2008 SP3 (GDR): August 12, 2014
  • 2977322 MS14-044: Description of the security update for SQL Server 2008 Service Pack 3 (QFE): August 12, 2014
  • 2977319 MS14-044: Description of the security update for SQL Server 2008 R2 Service Pack 2 (QFE): August 12, 2014
  • 2977320 MS14-044: Description of the security update for SQL Server 2008 R2 Service Pack 2 (GDR): August 12, 2014

FILE INFORMATION