What is CVE-2023-36417?

CVE-2023-36417 is a vulnerability in Microsoft SQL ODBC Driver that allows remote code execution.

How severe is CVE-2023-36417?

CVE-2023-36417 has a severity of 7.8, which is considered high.

What software is affected by CVE-2023-36417?

The affected software includes Microsoft SQL Server 2022, Microsoft OLE DB Driver 18 for SQL Server, Microsoft OLE DB Driver 19 for SQL Server, and Microsoft SQL Server 2019.

How do I fix CVE-2023-36417 in Microsoft SQL Server 2022?

To fix CVE-2023-36417 in Microsoft SQL Server 2022, you can apply the patch available at https://www.microsoft.com/download/details.aspx?familyid=59387692-a103-47b7-aae0-96a679fdd2e6.

How do I fix CVE-2023-36417 in Microsoft SQL Server 2019?

To fix CVE-2023-36417 in Microsoft SQL Server 2019, you can apply the patch available at https://www.microsoft.com/download/details.aspx?familyid=4ad4dd87-9e09-4848-92b0-4c06058a8fcf.

Vulnerability/
CVE-2023-36417

high

7.8

CWE

122

10/10/2023

10/12/2024

CVE-2023-36417: Microsoft SQL OLE DB Remote Code Execution Vulnerability

First published: Tue Oct 10 2023(Updated: )

Microsoft SQL OLE DB Remote Code Execution Vulnerability

Credit: secure@microsoft.com secure@microsoft.com

Affected Software	Affected Version	How to fix
Microsoft SQL Server 2022 (CU 8)		fix available externally
Microsoft SQL Server 2022		fix available externally
Microsoft OLE DB Driver 19 for SQL Server		fix available externally
Microsoft SQL Server 2019		fix available externally
Microsoft SQL Server 2019 (CU 22)		fix available externally
Microsoft OLE DB Driver 18 for SQL Server		fix available externally
Microsoft Odbc Driver For Sql Server	>=18.0.2<19.3.0002.0
Microsoft SQL Server	=2019
Microsoft SQL Server	=2022
Microsoft SQL Server 2019		fix available externally
Microsoft SQL Server 2022		fix available externally
Microsoft SQL Server 2022 (CU 8)		fix available externally
Microsoft SQL Server 2019 (CU 22)		fix available externally
Microsoft OLE DB Driver for SQL Server	>=18.0.0<18.6.0007.0
Microsoft OLE DB Driver for SQL Server	>=19.0.0<19.3.0002.0

Remedy

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36417

Never miss a vulnerability like this again

Reference Links

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36417 (Advisory)

Frequently Asked Questions

What is CVE-2023-36417?
CVE-2023-36417 is a vulnerability in Microsoft SQL ODBC Driver that allows remote code execution.
How severe is CVE-2023-36417?
CVE-2023-36417 has a severity of 7.8, which is considered high.
What software is affected by CVE-2023-36417?
The affected software includes Microsoft SQL Server 2022, Microsoft OLE DB Driver 18 for SQL Server, Microsoft OLE DB Driver 19 for SQL Server, and Microsoft SQL Server 2019.
How do I fix CVE-2023-36417 in Microsoft SQL Server 2022?
To fix CVE-2023-36417 in Microsoft SQL Server 2022, you can apply the patch available at https://www.microsoft.com/download/details.aspx?familyid=59387692-a103-47b7-aae0-96a679fdd2e6.
How do I fix CVE-2023-36417 in Microsoft SQL Server 2019?
To fix CVE-2023-36417 in Microsoft SQL Server 2019, you can apply the patch available at https://www.microsoft.com/download/details.aspx?familyid=4ad4dd87-9e09-4848-92b0-4c06058a8fcf.

collector/msrc
agent/author
agent/type
agent/first-publish-date
source/Microsoft
collector/msrc-cve
agent/software-canonical-lookup
agent/references
agent/remedy
agent/title
agent/severity
collector/nvd-index
agent/software-canonical-lookup-request
agent/description
collector/mitre-cve
source/MITRE
agent/event
collector/nvd-api
source/NVD
agent/last-modified-date
agent/weakness
agent/softwarecombine
agent/tags
vendor/microsoft
canonical/microsoft sql server 2022 (cu 8)
canonical/microsoft sql server 2022
canonical/microsoft ole db driver 19 for sql server
canonical/microsoft sql server 2019
canonical/microsoft sql server 2019 (cu 22)
canonical/microsoft ole db driver 18 for sql server
canonical/microsoft odbc driver for sql server
version/microsoft odbc driver for sql server/18.0.2
canonical/microsoft sql server
version/microsoft sql server/2019
version/microsoft sql server/2022
canonical/microsoft ole db driver for sql server
version/microsoft ole db driver for sql server/18.0.0
version/microsoft ole db driver for sql server/19.0.0