Searching
..

Click anywhere to stop

KLA50361
Multiple vulnerabilities in Microsoft SQL Server

Updated: 01/25/2024
Detect date
?
06/15/2023
Severity
?
High
Description

Multiple vulnerabilities were found in Microsoft SQL Server. Malicious users can exploit these vulnerabilities to execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability in Microsoft ODBC Driver for SQL Server can be exploited remotely to execute arbitrary code.
  2. A remote code execution vulnerability in Microsoft OLE DB can be exploited remotely to execute arbitrary code.
  3. A remote code execution vulnerability in Microsoft ODBC and OLE DB can be exploited remotely to execute arbitrary code.
Affected products

Microsoft ODBC Driver 18 for SQL Server on Linux
Microsoft OLE DB Driver 19 for SQL Server
Microsoft ODBC Driver 17 for SQL Server on MacOS
Microsoft ODBC Driver 18 for SQL Server on MacOS
Microsoft ODBC Driver 18 for SQL Server on Windows
Microsoft SQL Server 2019 for x64-based Systems (CU 21)
Microsoft OLE DB Driver 18 for SQL Server
Microsoft ODBC Driver 17 for SQL Server on Windows
Microsoft SQL Server 2022 for x64-based Systems (CU 5)
Microsoft ODBC Driver 17 for SQL Server on Linux

Solution

Update to the latest version
Microsoft OLE DB Driver 18 for SQL Server
Microsoft OLE DB Driver 19 for SQL Server
Microsoft ODBC Driver 17 for SQL Server on Windows
Microsoft ODBC Driver 18 for SQL Server on Windows

Original advisories

CVE-2023-32027
CVE-2023-32025
CVE-2023-29356
CVE-2023-32028
CVE-2023-32026
CVE-2023-29349

Impacts
?
ACE 
[?]

PE 
[?]
Related products
Microsoft SQL Server
Microsoft Windows
CVE-IDS
?
CVE-2023-320277.8Critical
CVE-2023-320257.8Critical
CVE-2023-293567.8Critical
CVE-2023-320287.8Critical
CVE-2023-320267.8Critical
CVE-2023-293497.8Critical
Microsoft official advisories
Microsoft Security Update Guide
Find out the statistics of the vulnerabilities spreading in your region