Microsoft SQL Server Remote Code Execution Vulnerability


A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions.


The information has been provided by Vendor

The original article can be found at:



An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system.

Vulnerable Systems:

Microsoft SQL Server 2017 for x64-based Systems 
Microsoft SQL Server 2016 for x64-based Systems 
Microsoft SQL Server 2014 for x64-based Systems

CVE Information:


Disclosure Timeline:
Published Date:07/16/2019