Description: Executing a specially crafted query involving calculating difference between values of different date types and aggregation of the results, could lead to stack corruption, if the query runs in batch mode. Depending on particular values processed by such query, this could lead to terminating the SQL Server process, or a possibility of remote code execution. More information about the vulnerability can be found here: http://support.microsoft.com/help/4458842 The original update for this security vulnerability, KB4293801 released on August 14, 2018, introduced an issue where the sqlceip.exe process experiences an unhandled exception. For this reason, the update has been replaced. If you have previously applied KB4293801, it is recommended that you install KB4458842 as soon as possible.
Architecture: n/a
Classification: Security Updates
Supported products: Microsoft SQL Server 2016
Supported languages: English
MSRC Number: n/a
MSRC severity: n/a
KB article numbers: 4458842