Among the more serious flaws addressed this month is CVE-2019-1068, a remote code execution vulnerability in SQL Server. An attacker could exploit the flaw by sending a specially-crafted query to execute code with the permissions of the Database Engine. The bug was publicly disclosed earlier, but so far no attacks have been spotted in the wild.Interestingly, Adobe didn't patch any security flaws in Flash nor Acrobat/Reader this month. That's the first time in years.
Real-world exploitation is unlikely, in our eyes, because a hacker would have to somehow execute an arbitrary SQL query, and if that's the case, the installation is essentially pwned anyway.
Microsoft patches 78 vulnerabilities this Patch Tuesday
Posted on Wednesday, July 10 2019 @ 10:34 CEST by Thomas De Maesschalck