Microsoft SQL Server 2016 SP2 GDR Remote Code Execution Vulnerability (KB4505220)

Published: 2019-07-10 07:01:24
CVE Author: NIST National Vulnerability Database (NVD)

CVSS Base Vector:

This host is missing a critical security update according to Microsoft KB4505220

Detection Method:
Checks if a vulnerable version is present on the target host.

Technical Details:
The flaw exists due to an error in the Microsoft SQL Server Database Engine. It incorrectly handles processing of internal functions.

Successful exploitation will allow attacker to execute arbitrary code within the context of the SQL Server Database Engine service account. Failed exploit attempts may result in a denial-of-service condition.

Affected Versions:
Microsoft SQL Server 2016 SP2 (GDR) for x64-based Systems

The vendor has released updates. Please see the references for more information.

Solution Type:
Vendor Patch

Detection Type:

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

SecurityFocus Bugtraq ID:


CVSS Score

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.