Microsoft SQL Server Remote Code Execution Vulnerability

Summary

A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions.

Credit:

The information has been provided by Vendor

The original article can be found at:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1068

 


Details

An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system.

Vulnerable Systems:

Microsoft SQL Server 2017 for x64-based Systems 
Microsoft SQL Server 2016 for x64-based Systems 
Microsoft SQL Server 2014 for x64-based Systems

CVE Information:

CVE-2019-1068

Disclosure Timeline:
Published Date:07/16/2019