What is the severity of CVE-2024-28933?

CVE-2024-28933 has been classified as a critical vulnerability due to its potential for remote code execution.

How do I fix CVE-2024-28933?

To fix CVE-2024-28933, update the affected Microsoft SQL Server or ODBC Driver to the latest version provided in the Microsoft patches.

Which versions of Microsoft SQL Server are affected by CVE-2024-28933?

CVE-2024-28933 affects Microsoft SQL Server 2019 and Microsoft SQL Server 2022, among other versions.

Can CVE-2024-28933 lead to data breaches?

Yes, CVE-2024-28933 can lead to data breaches as it allows remote attackers to execute arbitrary code on vulnerable systems.

What products are impacted by CVE-2024-28933?

CVE-2024-28933 impacts Microsoft SQL Server, Visual Studio, and the ODBC Driver for SQL Server across various platforms.

Vulnerability/
CVE-2024-28933

high

8.8

CWE

191

9/4/2024

23/1/2025

CVE-2024-28933: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

First published: Tue Apr 09 2024(Updated: )

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Credit: secure@microsoft.com

Affected Software	Affected Version	How to fix
Microsoft ODBC Driver 18 for SQL Server		fix available externally
Microsoft ODBC Driver 17 for SQL Server		fix available externally
Microsoft ODBC Driver 17 for SQL Server		fix available externally
Microsoft ODBC Driver 18 for SQL Server		fix available externally
Microsoft ODBC Driver 17 for SQL Server		fix available externally
Microsoft ODBC Driver 18 for SQL Server		fix available externally
Microsoft SQL Server 2022		fix available externally
Microsoft SQL Server 2022		fix available externally
Microsoft SQL Server 2019		fix available externally
Microsoft SQL Server 2019		fix available externally
Microsoft Visual Studio 2019	=16.11	fix available externally
Visual Studio Professional 2022	=17.6	fix available externally
Visual Studio Professional 2022	=17.9	fix available externally
Microsoft SQL Server		fix available externally
Microsoft SQL Server		fix available externally
Microsoft ODBC Driver 13 for SQL Server	>=17.0.1.1<17.10.6.1
Microsoft ODBC Driver 13 for SQL Server	>=17.0.1.1<17.10.6.1
Microsoft ODBC Driver 13 for SQL Server	>=17.0.1.1<17.10.6.1
Microsoft ODBC Driver 13 for SQL Server	>=18.0.1.1<18.3.3.1
Microsoft ODBC Driver 13 for SQL Server	>=18.0.1.1<18.3.3.1
Microsoft ODBC Driver 13 for SQL Server	>=18.0.1.1<18.3.3.1
Microsoft SQL Server	>=15.0.2000.5<15.0.2110.4
Microsoft SQL Server	>=15.0.4003.23<15.0.4360.2
Microsoft SQL Server	>=16.0.1000.6<16.0.1115.1
Microsoft SQL Server	>=16.0.4003.1<16.0.4120.1
Visual Studio Professional 2019	>=16.0<16.11.35
Visual Studio Professional 2022	>=17.4.0<17.4.18
Visual Studio Professional 2022	>=17.6.0<17.6.14
Visual Studio Professional 2022	>=17.8.0<17.8.9
Visual Studio Professional 2022	>=17.9.0<17.9.6

Never miss a vulnerability like this again

Reference Links

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28933 (Advisory)

Frequently Asked Questions

What is the severity of CVE-2024-28933?
CVE-2024-28933 has been classified as a critical vulnerability due to its potential for remote code execution.
How do I fix CVE-2024-28933?
To fix CVE-2024-28933, update the affected Microsoft SQL Server or ODBC Driver to the latest version provided in the Microsoft patches.
Which versions of Microsoft SQL Server are affected by CVE-2024-28933?
CVE-2024-28933 affects Microsoft SQL Server 2019 and Microsoft SQL Server 2022, among other versions.
Can CVE-2024-28933 lead to data breaches?
Yes, CVE-2024-28933 can lead to data breaches as it allows remote attackers to execute arbitrary code on vulnerable systems.
What products are impacted by CVE-2024-28933?
CVE-2024-28933 impacts Microsoft SQL Server, Visual Studio, and the ODBC Driver for SQL Server across various platforms.

agent/title
agent/references
agent/type
agent/first-publish-date
agent/description
agent/severity
agent/author
agent/weakness
agent/event
collector/msrc
source/Microsoft
collector/msrc-cve
agent/source
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/tags
collector/nvd-api
source/NVD
agent/softwarecombine
vendor/microsoft
canonical/microsoft odbc driver 18 for sql server
canonical/microsoft odbc driver 17 for sql server
canonical/microsoft sql server 2022
canonical/microsoft sql server 2019
canonical/microsoft visual studio 2019
version/microsoft visual studio 2019/16.11
canonical/visual studio professional 2022
version/visual studio professional 2022/17.6
version/visual studio professional 2022/17.4
version/visual studio professional 2022/17.9
version/visual studio professional 2022/17.8
canonical/microsoft sql server
canonical/microsoft odbc driver 13 for sql server
version/microsoft odbc driver 13 for sql server/17.0.1.1
version/microsoft odbc driver 13 for sql server/18.0.1.1
version/microsoft sql server/15.0.2000.5
version/microsoft sql server/15.0.4003.23
version/microsoft sql server/16.0.1000.6
version/microsoft sql server/16.0.4003.1
canonical/visual studio professional 2019
version/visual studio professional 2019/16.0
version/visual studio professional 2022/17.4.0
version/visual studio professional 2022/17.6.0
version/visual studio professional 2022/17.8.0
version/visual studio professional 2022/17.9.0