Security Updates for Microsoft SQL Server (Uncredentialed Check) (July 2019)

high Nessus Plugin ID 126630

Synopsis

The Microsoft SQL Server installation on the remote host is missing a security update.

Description

The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability:

- A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions. An attacker who successfully exploited this vulnerability could execute code in the context of the SQL Server Database Engine service account. (CVE-2019-1068)

Solution

Microsoft has released the following security updates to address this issue:
- KB4505217
- KB4505419
- KB4505422
- KB4505218
- KB4505219
- KB4505225
- KB4505224
- KB4505222
- KB4505221
- KB4505220

See Also

http://www.nessus.org/u?a359a1a6

http://www.nessus.org/u?3515161a

http://www.nessus.org/u?e525f475

http://www.nessus.org/u?619cf09c

http://www.nessus.org/u?87d34b59

http://www.nessus.org/u?2e915a50

http://www.nessus.org/u?d9e5dfaf

http://www.nessus.org/u?2a252018

http://www.nessus.org/u?893cb218

http://www.nessus.org/u?d42b7b26

Plugin Details

Severity: High

ID: 126630

File Name: smb_nt_ms19_jul_mssql_remote.nasl

Version: 1.4

Type: remote

Agent: windows

Family: Windows

Published: 7/12/2019

Updated: 4/11/2022

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS Score Source: CVE-2019-1068

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:sql_server

Required KB Items: Settings/ParanoidReport

Exploit Ease: No known exploits are available

Patch Publication Date: 7/9/2019

Vulnerability Publication Date: 7/9/2019

Reference Information

CVE: CVE-2019-1068

BID: 108954

MSFT: MS19-4505217, MS19-4505218, MS19-4505219, MS19-4505220, MS19-4505221, MS19-4505222, MS19-4505224, MS19-4505225, MS19-4505419, MS19-4505422

MSKB: 4505217, 4505218, 4505219, 4505220, 4505221, 4505222, 4505224, 4505225, 4505419, 4505422