This vulnerability has been assigned the following unique identifier: CVE-2019-1773. A remote code execution vulnerability has been discovered in the Microsoft ODBC Driver that could allow an attacker to execute code on the target system when a user connects to an affected system using Microsoft SQL Server. This vulnerability is being actively exploited in the wild. It is highly recommended that users apply the latest security updates. A patch for this vulnerability was released on January 29, 2019. Microsoft SQL Server 2019 Standard, Enterprise, and Data Platform Editions are all vulnerable. Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, and SUSE Linux Enterprise Server are not affected. A patch for this vulnerability was released on March 27, 2019. This vulnerability is being actively exploited in the wild through exploit kits like Neutrino. It is highly recommended that users apply the latest security updates. A patch for this vulnerability was released on March 28, 2019. Azure SQL Database is not affected. A patch for this vulnerability was released on March 28, 2019. Oracle is not affected. A patch for this vulnerability was released on March 28, 2019. The following versions of Microsoft SQL Server are vulnerable: - Microsoft SQL Server 2019 Standard, Enterprise, and Data Platform Editions - Microsoft SQL Server 2019 Reporting Services Standard and Enterprise Editions
SQL Server 2017 Standard, Enterprise and Data Platform Editions
Microsoft SQL Server 2017 Standard, Enterprise and Data Platform Editions are vulnerable.
Microsoft SQL Server MS17-037
Remote Code Execution Vulnerability
This vulnerability has been assigned the following unique identifier: CVE-2019-1773. A remote code execution vulnerability has been discovered in the Microsoft ODBC Driver that could allow an attacker to execute code on the target system when a user connects to an affected system using Microsoft SQL Server. This vulnerability is being actively exploited in the wild and is highly recommended that users apply patches for this vulnerability as soon as possible. A patch for this vulnerability was released on January 29, 2019. Azure SQL Database is not affected by this vulnerability, but Microsoft SQL DB is vulnerable. A patch for this vulnerability was released on March 28, 2019. Oracle and MySQL are not affected by this vulnerability. A patch for this vulnerability was released on March 28, 2019. The following versions of Microsoft SQL Server are vulnerable: - Microsoft SQL Server 2019 Standard, Enterprise, and Data Platform Editions - Microsoft SQL Server 2019 Reporting Services Standard and Enterprise Editions
Microsoft SQL Server 2019 Standard, Enterprise, and Data Platform Editions are all vulnerable.
The vulnerability has been assigned the following unique identifier: CVE-2019-1773. A remote code execution vulnerability has been discovered in the Microsoft ODBC Driver that could allow an attacker to execute code on the target system when a user connects to an affected system using Microsoft SQL Server. This vulnerability is being actively exploited in the wild. It is highly recommended that users apply the latest security updates.
Microsoft SQL Server 2019 Standard, Enterprise and Data Platform Editions are all vulnerable
Microsoft SQL Server 2019 Standard, Enterprise, and Data Platform Editions are all affected. They all have the same vulnerability and therefore can be exploited in the same manner. The patch that Microsoft released on January 29, 2019 has already prevented many exploits from reaching successful attacks. However, it is still recommended that users apply the latest security updates to prevent future exploitation of this vulnerability.
Timeline
Published on: 09/13/2022 19:15:00 UTC
Last modified on: 09/16/2022 17:07:00 UTC