CVE-2019-1068

Name of the Vulnerable Software and Affected Versions Microsoft SQL Server versions 2014 through 2017

Description A remote code execution issue exists in Microsoft SQL Server due to incorrect handling of internal functions. This could allow an attacker to execute arbitrary code by sending a specially crafted SQL query. An attacker who successfully exploits this issue could execute code in the context of the SQL Server Database Engine service account. To exploit the issue, an authenticated attacker would need to submit a specially crafted query to an affected SQL server.

Recommendations For Microsoft SQL Server versions 2014 through 2017, update and patch all instances to address the issue. As a temporary workaround, consider restricting access to the SQL server to minimize the risk of exploitation. Avoid using specially crafted queries in the affected SQL server until the issue is resolved.