CVE-2019-1068

HIGH EXPLOITED RANSOMWARE

Microsoft Sql Server - Remote Code Execution

Title source: rule

Description

A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions, aka 'Microsoft SQL Server Remote Code Execution Vulnerability'.

Exploits (1)

nomisec WORKING POC

by Vulnerability-Playground · dos

https://github.com/Vulnerability-Playground/CVE-2019-1068

View Code ZIP pw:eip

References (1)

[Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1068

Scores

CVSS v3 8.8

EPSS 0.4157

EPSS Percentile 97.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2024-09-04

Ransomware Use Confirmed

Status published

Products (3)

microsoft/sql_server 2014 sp2 (2 CPE variants)

microsoft/sql_server 2016 sp1 (2 CPE variants)

microsoft/sql_server 2017

Published Jul 15, 2019

Tracked Since Feb 18, 2026