First published: Thu Jun 15 2023(Updated: )
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Credit: secure@microsoft.com secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft SQL Server 2022 (CU 5) | ||
Microsoft SQL Server 2019 (CU 21) | ||
Microsoft ODBC Driver 18 for SQL Server on Windows | >=17.0.1.1<17.10.4.1 | |
Microsoft ODBC Driver 18 for SQL Server on MacOS | >=17.0.1.1<17.10.4.1 | |
Microsoft SQL Server 2022 (CU 5) | >=17.0.1.1<17.10.4.1 | |
Microsoft ODBC Driver 18 for SQL Server on Windows | >=18.0.1.1<18.2.1.1 | |
Microsoft ODBC Driver 18 for SQL Server on MacOS | >=18.0.1.1<18.2.1.1 | |
Microsoft SQL Server 2022 (CU 5) | >=18.0.1.1<18.2.1.1 | |
Microsoft SQL Server | =2019 | |
Microsoft SQL Server | =2022 | |
Microsoft Visual Studio 2019 (includes 16.0 - 16.10) | =16.11 | |
Microsoft ODBC Driver 18 for SQL Server on MacOS | ||
Microsoft ODBC Driver 17 for SQL Server on MacOS | ||
Microsoft ODBC Driver 17 for SQL Server on Windows | ||
Microsoft ODBC Driver 17 for SQL Server on Linux | ||
Microsoft ODBC Driver 18 for SQL Server on Windows | ||
Microsoft ODBC Driver 18 for SQL Server on Linux | ||
Microsoft Visual Studio 2022 | =17.4 | |
Microsoft Visual Studio 2022 | =17.2 | |
Microsoft Visual Studio 2022 | =17.8 | |
Microsoft Odbc Driver For Sql Server | >=17.0.1.1<17.10.4.1 | |
Microsoft Odbc Driver For Sql Server | >=17.0.1.1<17.10.4.1 | |
Microsoft Odbc Driver For Sql Server | >=17.0.1.1<17.10.4.1 | |
Microsoft Odbc Driver For Sql Server | >=18.0.1.1<18.2.1.1 | |
Microsoft Odbc Driver For Sql Server | >=18.0.1.1<18.2.1.1 | |
Microsoft Odbc Driver For Sql Server | >=18.0.1.1<18.2.1.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2023-32025 is high with a CVSS score of 7.8.
CVE-2023-32025 allows remote code execution in the Microsoft ODBC Driver for SQL Server.
Microsoft ODBC Driver 18 for SQL Server on Linux and MacOS, ODBC Driver 17 for SQL Server on Linux and Windows, and ODBC Driver 18 for SQL Server on Windows are affected by CVE-2023-32025.
To fix CVE-2023-32025 in the affected Microsoft ODBC Driver for SQL Server versions, you can apply the appropriate patches provided by Microsoft.
You can find more information about CVE-2023-32025 on the Microsoft Security Response Center website.