What is the severity of CVE-2024-28927?

CVE-2024-28927 has been rated as a critical vulnerability due to its potential for remote code execution.

How do I fix CVE-2024-28927?

To fix CVE-2024-28927, you should apply the appropriate security updates or patches released by Microsoft for the affected OLE DB Driver or SQL Server version.

Which versions are affected by CVE-2024-28927?

CVE-2024-28927 affects Microsoft OLE DB Driver 18, OLE DB Driver 19, SQL Server 2019, and SQL Server 2022 products.

What type of vulnerability is CVE-2024-28927?

CVE-2024-28927 is classified as a remote code execution vulnerability that can allow an attacker to execute arbitrary code on the affected system.

When was CVE-2024-28927 reported?

CVE-2024-28927 was reported as part of Microsoft's ongoing security updates and responses to identified vulnerabilities.

Vulnerability/
CVE-2024-28927

high

8.8

CWE

122

9/4/2024

23/1/2025

CVE-2024-28927: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

First published: Tue Apr 09 2024(Updated: )

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Credit: secure@microsoft.com

Affected Software	Affected Version	How to fix
Microsoft OLE DB Driver 18 for SQL Server		fix available externally
Microsoft OLE DB Driver 19 for SQL Server		fix available externally
Microsoft SQL Server 2022		fix available externally
Microsoft SQL Server 2022		fix available externally
Microsoft SQL Server 2019		fix available externally
Microsoft SQL Server 2019		fix available externally
Microsoft SQL Server		fix available externally
Microsoft VSS Writer for SQL Server 2019		fix available externally
Microsoft OLE DB Driver 18 for SQL Server	>=18.0.2<18.7.0002.0
Microsoft OLE DB Driver 18 for SQL Server	>=19.0.0<19.3.0003.0
Microsoft VSS Writer for SQL Server 2019	>=15.0.2000.5<15.0.2110.4
Microsoft VSS Writer for SQL Server 2019	>=15.0.4003.23<15.0.4360.2
Microsoft SQL Server	>=16.0.1000.6<16.0.1115.1
Microsoft SQL Server	>=16.0.4003.1<16.0.4120.1

Never miss a vulnerability like this again

Reference Links

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28927 (Advisory)

Frequently Asked Questions

What is the severity of CVE-2024-28927?
CVE-2024-28927 has been rated as a critical vulnerability due to its potential for remote code execution.
How do I fix CVE-2024-28927?
To fix CVE-2024-28927, you should apply the appropriate security updates or patches released by Microsoft for the affected OLE DB Driver or SQL Server version.
Which versions are affected by CVE-2024-28927?
CVE-2024-28927 affects Microsoft OLE DB Driver 18, OLE DB Driver 19, SQL Server 2019, and SQL Server 2022 products.
What type of vulnerability is CVE-2024-28927?
CVE-2024-28927 is classified as a remote code execution vulnerability that can allow an attacker to execute arbitrary code on the affected system.
When was CVE-2024-28927 reported?
CVE-2024-28927 was reported as part of Microsoft's ongoing security updates and responses to identified vulnerabilities.

collector/msrc-cve
source/Microsoft
agent/software-canonical-lookup
agent/title
agent/references
agent/type
agent/first-publish-date
agent/description
agent/severity
agent/author
agent/weakness
agent/event
collector/msrc
agent/source
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
vendor/microsoft
canonical/microsoft ole db driver 18 for sql server
canonical/microsoft ole db driver 19 for sql server
canonical/microsoft sql server 2022
canonical/microsoft sql server 2019
canonical/microsoft sql server
canonical/microsoft vss writer for sql server 2019
version/microsoft ole db driver 18 for sql server/18.0.2
version/microsoft ole db driver 18 for sql server/19.0.0
version/microsoft vss writer for sql server 2019/15.0.2000.5
version/microsoft vss writer for sql server 2019/15.0.4003.23
version/microsoft sql server/16.0.1000.6
version/microsoft sql server/16.0.4003.1