CVE-2024-28910: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
First published: Tue Apr 09 2024(Updated: )
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft OLE DB Driver 18 for SQL Server | ||
| Microsoft OLE DB Driver 19 for SQL Server | ||
| Microsoft SQL Server 2022 | ||
| Microsoft SQL Server 2019 | ||
| Microsoft SQL Server | ||
| Microsoft VSS Writer for SQL Server 2019 | ||
| Microsoft OLE DB Driver 18 for SQL Server | >=18.0.2<18.7.0002.0 | |
| Microsoft OLE DB Driver 18 for SQL Server | >=19.0.0<19.3.0003.0 | |
| Microsoft VSS Writer for SQL Server 2019 | >=15.0.2000.5<15.0.2110.4 | |
| Microsoft VSS Writer for SQL Server 2019 | >=15.0.4003.23<15.0.4360.2 | |
| Microsoft SQL Server | >=16.0.1000.6<16.0.1115.1 | |
| Microsoft SQL Server | >=16.0.4003.1<16.0.4120.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-28910?
CVE-2024-28910 has been classified with a critical severity level due to its potential for remote code execution.
How do I fix CVE-2024-28910?
To mitigate CVE-2024-28910, update to the latest version of the affected Microsoft OLE DB Driver for SQL Server or SQL Server software as specified in the advisory.
Which Microsoft products are affected by CVE-2024-28910?
CVE-2024-28910 affects Microsoft OLE DB Driver 18 and 19 for SQL Server, as well as Microsoft SQL Server 2019 and 2022.
What is the impact of CVE-2024-28910?
Exploitation of CVE-2024-28910 could allow an attacker to execute arbitrary code on the affected system.
When was CVE-2024-28910 published?
CVE-2024-28910 was published in 2024, detailing vulnerabilities found in Microsoft’s OLE DB Driver for SQL Server.
- agent/title
- agent/references
- agent/type
- collector/msrc-cve
- source/Microsoft
- agent/software-canonical-lookup
- agent/description
- agent/first-publish-date
- agent/weakness
- agent/severity
- agent/event
- agent/author
- collector/msrc
- agent/source
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- vendor/microsoft
- canonical/microsoft ole db driver 18 for sql server
- canonical/microsoft ole db driver 19 for sql server
- canonical/microsoft sql server 2022
- canonical/microsoft sql server 2019
- canonical/microsoft sql server
- canonical/microsoft vss writer for sql server 2019
- version/microsoft ole db driver 18 for sql server/18.0.2
- version/microsoft ole db driver 18 for sql server/19.0.0
- version/microsoft vss writer for sql server 2019/15.0.2000.5
- version/microsoft vss writer for sql server 2019/15.0.4003.23
- version/microsoft sql server/16.0.1000.6
- version/microsoft sql server/16.0.4003.1