What is CVE-2019-1068?

CVE-2019-1068 is a vulnerability in Microsoft Sql Server. Published 2019-07-15.

Is CVE-2019-1068 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Microsoft Sql Server

CVE-2019-1068

A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions, aka 'Microsoft SQL Server Remote Code Execution Vulnerability'.

EPSS: 0.416 (97.5th percentile) — read the EPSS interpretation.

Affected products

Microsoft Sql Server — versions 2014 Service Pack 2 for 32-bit Systems (CU), 2014 Service Pack 2 for x64-based Systems (CU), 2016 for x64-based Systems Service Pack 1 (CU)
Microsoft Sql Server 2014 Service Pack 2 For 32-bit Systems (Gdr) — versions unspecified
Microsoft Sql Server 2014 Service Pack 2 For X64-based Systems (Gdr) — versions unspecified
Microsoft Sql Server 2014 Service Pack 3 For 32-bit Systems (Cu) — versions unspecified
Microsoft Sql Server 2014 Service Pack 3 For 32-bit Systems (Gdr) — versions unspecified
Microsoft Sql Server 2014 Service Pack 3 For X64-based Systems (Cu) — versions unspecified
Microsoft Sql Server 2014 Service Pack 3 For X64-based Systems (Gdr) — versions unspecified
Microsoft Sql Server 2016 For X64-based Systems Service Pack 1 (Gdr) — versions unspecified
Microsoft Sql Server 2016 For X64-based Systems Service Pack 2 (Gdr) — versions unspecified
Microsoft Sql Server 2017 For X64-based Systems (Gdr) — versions unspecified

Public proof-of-concept exploits

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1068 (x_refsource_MISC)

Frequently asked questions

What is CVE-2019-1068?: CVE-2019-1068 is a vulnerability in Microsoft Sql Server. Published 2019-07-15.
Is CVE-2019-1068 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.