CVE-2023-23384: Microsoft SQL Server Remote Code Execution Vulnerability
First published: Tue Apr 11 2023(Updated: )
Microsoft SQL Server Remote Code Execution Vulnerability
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft SQL Server | =2008-r2_sp3 | |
| Microsoft SQL Server | =2008-sp4 | |
| Microsoft SQL Server | =2012-sp4 | |
| Microsoft SQL Server | =2014-sp3 | |
| Microsoft SQL Server | =2016-sp3 | |
| Microsoft SQL Server | =2017 | |
| Microsoft SQL Server | =2019 | |
| Microsoft SQL Server | =2022 | |
| Microsoft SQL Server 2014 (CU 4) | ||
| Microsoft SQL Server 2012 | ||
| Microsoft SQL Server 2016 Azure Connect Feature Pack | ||
| Microsoft SQL Server 2008 for x64-Based Systems | ||
| Microsoft SQL Server 2019 (CU 18) | ||
| Microsoft SQL Server 2014 (CU 4) | ||
| Microsoft SQL Server 2008 R2 for 32-Bit Systems | ||
| Microsoft SQL Server 2019 | ||
| Microsoft SQL Server 2014 | ||
| Microsoft SQL Server 2012 | ||
| Microsoft SQL Server 2016 | ||
| Microsoft SQL Server 2008 | ||
| Microsoft SQL Server 2008 R2 for x64-Based Systems | ||
| Microsoft SQL Server 2017 | ||
| Microsoft SQL Server 2022 | ||
| Microsoft SQL Server 2017 (CU 31) | ||
| Microsoft SQL Server 2014 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-23384?
CVE-2023-23384 is a remote code execution vulnerability in Microsoft SQL Server.
How severe is CVE-2023-23384?
CVE-2023-23384 has a severity level of high.
Which versions of SQL Server are affected by CVE-2023-23384?
SQL Server 2019, SQL Server 2022, SQL Server 2008, SQL Server 2017, SQL Server 2012, SQL Server 2019 (CU 18), SQL Server 2014, SQL Server 2008 R2 for 32-Bit Systems, SQL Server 2016 Azure Connectivity Pack, SQL Server 2016, SQL Server 2008 for x64-Based Systems, SQL Server 2008 R2 for x64-Based Systems, and SQL Server 2014 (CU 4) are affected by CVE-2023-23384.
How do I fix CVE-2023-23384?
To fix CVE-2023-23384, you can apply the patches or updates provided by Microsoft for the affected SQL Server versions. Refer to the Microsoft support links provided in the affected software section for specific remediation steps.
Where can I find more information about CVE-2023-23384?
You can find more information about CVE-2023-23384 on the Microsoft Security Response Center website.
- collector/msrc
- collector/msrc-cve
- collector/nvd-index
- collector/mitre-cve
- vendor/microsoft
- canonical/microsoft sql server
- version/microsoft sql server/2008-r2_sp3
- version/microsoft sql server/2008-sp4
- version/microsoft sql server/2012-sp4
- version/microsoft sql server/2014-sp3
- version/microsoft sql server/2016-sp3
- version/microsoft sql server/2017
- version/microsoft sql server/2019
- version/microsoft sql server/2022
- canonical/microsoft sql server 2014 (cu 4)
- canonical/microsoft sql server 2012
- canonical/microsoft sql server 2016 azure connect feature pack
- canonical/microsoft sql server 2008 for x64-based systems
- canonical/microsoft sql server 2019 (cu 18)
- canonical/microsoft sql server 2008 r2 for 32-bit systems
- canonical/microsoft sql server 2019
- canonical/microsoft sql server 2014
- canonical/microsoft sql server 2016
- canonical/microsoft sql server 2008
- canonical/microsoft sql server 2008 r2 for x64-based systems
- canonical/microsoft sql server 2017
- canonical/microsoft sql server 2022
- canonical/microsoft sql server 2017 (cu 31)