Posted on Wednesday, July 10 2019 @ 10:34 CEST by Thomas De Maesschalck
It's the second Tuesday of the month and that means a fresh set of security updates from Microsoft. In total, the software giant has updates for 78 CVE-listed vulnerabilities, The Register provides a nice overview
over here.
Among the more serious flaws addressed this month is CVE-2019-1068, a remote code execution vulnerability in SQL Server. An attacker could exploit the flaw by sending a specially-crafted query to execute code with the permissions of the Database Engine. The bug was publicly disclosed earlier, but so far no attacks have been spotted in the wild.
Real-world exploitation is unlikely, in our eyes, because a hacker would have to somehow execute an arbitrary SQL query, and if that's the case, the installation is essentially pwned anyway.
Interestingly, Adobe didn't patch any security flaws in Flash nor Acrobat/Reader this month. That's the first time in years.
