Security Updates for Microsoft SQL Server (July 2019)

Critical Nessus Plugin ID 126631

Synopsis

The Microsoft SQL Server installation on the remote host is missing a security update.

Description

The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability :

- A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions. An attacker who successfully exploited this vulnerability could execute code in the context of the SQL Server Database Engine service account. (CVE-2019-1068)

Solution

Microsoft has released the following security updates to address this issue:
-KB4505217
-KB4505419
-KB4505422
-KB4505218
-KB4505219
-KB4505225
-KB4505224
-KB4505222
-KB4505221
-KB4505220

See Also

http://www.nessus.org/u?a359a1a6

http://www.nessus.org/u?3515161a

http://www.nessus.org/u?e525f475

http://www.nessus.org/u?619cf09c

http://www.nessus.org/u?87d34b59

http://www.nessus.org/u?2e915a50

http://www.nessus.org/u?d9e5dfaf

http://www.nessus.org/u?2a252018

http://www.nessus.org/u?893cb218

http://www.nessus.org/u?d42b7b26

Plugin Details

Severity: Critical

ID: 126631

File Name: smb_nt_ms19_jul_mssql.nasl

Version: 1.2

Type: local

Agent: windows

Published: 2019/07/12

Updated: 2019/08/13

Dependencies: 57033, 13855, 10456, 11217

Risk Information

Risk Factor: Critical

CVSS Score Source: CVE-2019-1068

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:microsoft:sql_server

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Patch Publication Date: 2019/07/09

Vulnerability Publication Date: 2019/07/09

Reference Information

CVE: CVE-2019-1068

BID: 108954

MSKB: 4505217, 4505419, 4505422, 4505218, 4505219, 4505225, 4505224, 4505222, 4505221, 4505220

MSFT: MS19-4505217, MS19-4505419, MS19-4505422, MS19-4505218, MS19-4505219, MS19-4505225, MS19-4505224, MS19-4505222, MS19-4505221, MS19-4505220

IAVA: 2019-A-0226