New Security Update for SQL Server in July 2019 Patches

It doesn’t look like this would affect SQL Server 2008 or SQL Server 2008 R2 since the earliest reported platform is SQL Server 2014, but in Microsoft’s release of patches today, SQL Server is included. Here’s the vulnerability:

CVE-2019-1068 | Microsoft SQL Server Remote Code Execution Vulnerability

It’s a remote code execution vulnerability, but the attacker has to be connected to SQL Server because the vulnerability can only be exploited using a specially crafted query. The code would execute in the context of the database engine service account (hopefully not configured to run with administrative rights on the server or elevated rights in Active Directory).

The Microsoft security announcement is here (this is the 2014 GDR link, as there are other links for other configurations):

Description of the security update for SQL Server 2014 SP3 GDR: July 9, 2019

Why do I mention SQL Server 2008 / 2008 R2? Because those versions are no longer under Extended Support and will not receive security updates. If you haven’t migrated, I’ve written an article at Simple Talk covering your options.
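To triage an instance against this update, the following T-SQL reports the installed build and the account the database engine runs as. It is an added example, not part of the original post or Microsoft's advisory; the `account_review` labels are a constructed heuristic, and the build to compare against must be taken from the KB article for your branch.

```sql
-- Added example: patch and service-account triage for one instance.
-- sys.dm_server_services requires VIEW SERVER STATE permission.

-- 1) What is installed? Compare product_version / update_kb with the
--    KB article that matches this instance's version and servicing branch.
SELECT
    SERVERPROPERTY('MachineName')            AS machine_name,
    SERVERPROPERTY('InstanceName')           AS instance_name,   -- NULL for the default instance
    SERVERPROPERTY('ProductVersion')         AS product_version,
    SERVERPROPERTY('ProductLevel')           AS product_level,   -- RTM / SPn
    SERVERPROPERTY('ProductUpdateLevel')     AS update_level,    -- CUn where a cumulative update is applied
    SERVERPROPERTY('ProductUpdateReference') AS update_kb;       -- KB article of the current build

-- 2) Which account would injected code run as?
--    The labels below are a constructed heuristic, not a Microsoft rating.
SELECT
    s.servicename,
    s.service_account,
    s.status_desc,
    CASE
        WHEN UPPER(s.service_account) IN (N'LOCALSYSTEM', N'NT AUTHORITY\SYSTEM')
            THEN 'HIGH: built-in account with full local rights'
        WHEN UPPER(s.service_account) LIKE N'NT SERVICE\%'
            THEN 'OK: per-service virtual account'
        ELSE 'REVIEW: check local and Active Directory group membership'
    END AS account_review
FROM sys.dm_server_services AS s
WHERE s.servicename LIKE N'SQL Server (%';   -- engine service only, excludes SQL Server Agent
```

A `REVIEW` result still needs a check outside SQL Server, since group membership of a domain or local account is not visible from this view.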

2 Comments

  1. Trackback: Security Update for SQL Server – Curated SQL
  2. Andy
    Jul 18, 2019 @ 07:22:46

    Any idea about SQL Server 2012 Service Pack 4, which is officially supported until 2022-07-12:
    https://support.microsoft.com/en-us/lifecycle/search?alpha=sql%20server%202012

    The new vulnerability in MSSQL mysteriously excludes MSSQL 2012. The oldest supported version in the table is MSSQL 2014 SP2.
    And the article states “If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported.”
