CVE-2024-28934: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
First published: Tue Apr 09 2024(Updated: )
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft ODBC Driver 17 for SQL Server | ||
| Microsoft ODBC Driver 18 for SQL Server | ||
| Microsoft ODBC Driver 18 for SQL Server | ||
| Microsoft ODBC Driver 18 for SQL Server | ||
| Microsoft ODBC Driver 17 for SQL Server | ||
| Microsoft ODBC Driver 17 for SQL Server | ||
| Microsoft SQL Server 2022 | ||
| Microsoft SQL Server 2019 | ||
| Microsoft SQL Server 2019 | ||
| Microsoft Visual Studio 2019 | =16.11 | |
| Visual Studio Professional 2022 | =17.4 | |
| Visual Studio Professional 2022 | =17.9 | |
| Microsoft SQL Server | ||
| Microsoft SQL Server | ||
| Microsoft ODBC Driver 13 for SQL Server | >=17.0.1.1<17.10.6.1 | |
| Microsoft ODBC Driver 13 for SQL Server | >=17.0.1.1<17.10.6.1 | |
| Microsoft ODBC Driver 13 for SQL Server | >=17.0.1.1<17.10.6.1 | |
| Microsoft ODBC Driver 13 for SQL Server | >=18.0.1.1<18.3.3.1 | |
| Microsoft ODBC Driver 13 for SQL Server | >=18.0.1.1<18.3.3.1 | |
| Microsoft ODBC Driver 13 for SQL Server | >=18.0.1.1<18.3.3.1 | |
| Microsoft SQL Server | >=15.0.2000.5<15.0.2110.4 | |
| Microsoft SQL Server | >=15.0.4003.23<15.0.4360.2 | |
| Microsoft SQL Server | >=16.0.1000.6<16.0.1115.1 | |
| Microsoft SQL Server | >=16.0.4003.1<16.0.4120.1 | |
| Visual Studio Professional 2019 | >=16.0<16.11.35 | |
| Visual Studio Professional 2022 | >=17.4.0<17.4.18 | |
| Visual Studio Professional 2022 | >=17.6.0<17.6.14 | |
| Visual Studio Professional 2022 | >=17.8.0<17.8.9 | |
| Visual Studio Professional 2022 | >=17.9.0<17.9.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-28934?
CVE-2024-28934 has been classified with a high severity level due to its potential for remote code execution.
How do I fix CVE-2024-28934?
To fix CVE-2024-28934, it is essential to apply the latest patches provided by Microsoft for the affected software.
Which software is affected by CVE-2024-28934?
CVE-2024-28934 affects various versions of Microsoft ODBC Driver for SQL Server and Microsoft SQL Server, including SQL Server 2019 and 2022.
What are the potential impacts of exploiting CVE-2024-28934?
Exploiting CVE-2024-28934 could allow an attacker to execute arbitrary code on the affected system with the privileges of the application using the vulnerable driver.
Are there specific patches for different versions concerning CVE-2024-28934?
Yes, each affected version of the software has specific patches available from Microsoft to mitigate CVE-2024-28934.
- agent/references
- agent/title
- agent/first-publish-date
- agent/type
- agent/description
- agent/severity
- agent/author
- agent/weakness
- agent/event
- collector/msrc
- source/Microsoft
- collector/msrc-cve
- agent/source
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- vendor/microsoft
- canonical/microsoft odbc driver 17 for sql server
- canonical/microsoft odbc driver 18 for sql server
- canonical/microsoft sql server 2022
- canonical/microsoft sql server 2019
- canonical/microsoft visual studio 2019
- version/microsoft visual studio 2019/16.11
- canonical/visual studio professional 2022
- version/visual studio professional 2022/17.4
- version/visual studio professional 2022/17.6
- version/visual studio professional 2022/17.9
- version/visual studio professional 2022/17.8
- canonical/microsoft sql server
- canonical/microsoft odbc driver 13 for sql server
- version/microsoft odbc driver 13 for sql server/17.0.1.1
- version/microsoft odbc driver 13 for sql server/18.0.1.1
- version/microsoft sql server/15.0.2000.5
- version/microsoft sql server/15.0.4003.23
- version/microsoft sql server/16.0.1000.6
- version/microsoft sql server/16.0.4003.1
- canonical/visual studio professional 2019
- version/visual studio professional 2019/16.0
- version/visual studio professional 2022/17.4.0
- version/visual studio professional 2022/17.6.0
- version/visual studio professional 2022/17.8.0
- version/visual studio professional 2022/17.9.0