First published: Tue Apr 11 2023(Updated: )
Microsoft SQL Server Remote Code Execution Vulnerability
Credit: secure@microsoft.com secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft SQL Server | =2008-r2_sp3 | |
Microsoft SQL Server | =2008-sp4 | |
Microsoft SQL Server | =2012-sp4 | |
Microsoft SQL Server | =2014-sp3 | |
Microsoft SQL Server | =2016-sp3 | |
Microsoft SQL Server | =2017 | |
Microsoft SQL Server | =2019 | |
Microsoft SQL Server | =2022 | |
Microsoft SQL Server 2014 (CU 4) | ||
Microsoft SQL Server 2017 (CU 31) | ||
Microsoft SQL Server 2014 (CU 4) | ||
Microsoft SQL Server 2008 for x64-Based Systems | ||
Microsoft SQL Server 2016 Azure Connect Feature Pack | ||
Microsoft SQL Server 2022 | ||
Microsoft SQL Server 2012 | ||
Microsoft SQL Server 2008 R2 for x64-Based Systems | ||
Microsoft SQL Server 2008 R2 for 32-Bit Systems | ||
Microsoft SQL Server 2019 | ||
Microsoft SQL Server 2014 | ||
Microsoft SQL Server 2019 (CU 18) | ||
Microsoft SQL Server 2012 | ||
Microsoft SQL Server 2017 | ||
Microsoft SQL Server 2008 | ||
Microsoft SQL Server 2016 | ||
Microsoft SQL Server 2014 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-23384 is a remote code execution vulnerability in Microsoft SQL Server.
CVE-2023-23384 has a severity level of high.
SQL Server 2019, SQL Server 2022, SQL Server 2008, SQL Server 2017, SQL Server 2012, SQL Server 2019 (CU 18), SQL Server 2014, SQL Server 2008 R2 for 32-Bit Systems, SQL Server 2016 Azure Connectivity Pack, SQL Server 2016, SQL Server 2008 for x64-Based Systems, SQL Server 2008 R2 for x64-Based Systems, and SQL Server 2014 (CU 4) are affected by CVE-2023-23384.
To fix CVE-2023-23384, you can apply the patches or updates provided by Microsoft for the affected SQL Server versions. Refer to the Microsoft support links provided in the affected software section for specific remediation steps.
You can find more information about CVE-2023-23384 on the Microsoft Security Response Center website.