What is the severity of CVE-2024-28935?

CVE-2024-28935 is classified as a remote code execution vulnerability that poses a significant risk.

How do I fix CVE-2024-28935?

To mitigate CVE-2024-28935, update the affected Microsoft ODBC Driver for SQL Server and Visual Studio to the latest versions as specified in the official patch notes.

Which versions of Visual Studio are affected by CVE-2024-28935?

CVE-2024-28935 affects Microsoft Visual Studio 2022 versions 17.4 and 17.9, and Visual Studio 2019 version 16.11.

What types of systems are vulnerable under CVE-2024-28935?

CVE-2024-28935 affects Windows, MacOS, and Linux systems that utilize the Microsoft ODBC Driver for SQL Server.

What are the potential impacts of CVE-2024-28935?

Exploitation of CVE-2024-28935 could allow an attacker to execute arbitrary code on the affected system, potentially compromising system security.

Vulnerability/
CVE-2024-28935

high

8.8

CWE

122

9/4/2024

23/1/2025

CVE-2024-28935: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

First published: Tue Apr 09 2024(Updated: )

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Credit: secure@microsoft.com

Affected Software	Affected Version	How to fix
Microsoft ODBC Driver 17 for SQL Server		fix available externally
Microsoft ODBC Driver 18 for SQL Server		fix available externally
Microsoft ODBC Driver 18 for SQL Server		fix available externally
Microsoft ODBC Driver 17 for SQL Server		fix available externally
Microsoft ODBC Driver 17 for SQL Server		fix available externally
Microsoft ODBC Driver 18 for SQL Server		fix available externally
Microsoft SQL Server 2022		fix available externally
Microsoft SQL Server 2022		fix available externally
Microsoft SQL Server 2019		fix available externally
Microsoft SQL Server 2019		fix available externally
Microsoft Visual Studio 2019	=16.11	fix available externally
Visual Studio Professional 2022	=17.9	fix available externally
Visual Studio Professional 2022	=17.4	fix available externally
Microsoft SQL Server		fix available externally
Microsoft SQL Server		fix available externally
Microsoft ODBC Driver 13 for SQL Server	>=17.0.1.1<17.10.6.1
Microsoft ODBC Driver 13 for SQL Server	>=17.0.1.1<17.10.6.1
Microsoft ODBC Driver 13 for SQL Server	>=17.0.1.1<17.10.6.1
Microsoft ODBC Driver 13 for SQL Server	>=18.0.1.1<18.3.3.1
Microsoft ODBC Driver 13 for SQL Server	>=18.0.1.1<18.3.3.1
Microsoft ODBC Driver 13 for SQL Server	>=18.0.1.1<18.3.3.1
Microsoft SQL Server	>=15.0.2000.5<15.0.2110.4
Microsoft SQL Server	>=15.0.4003.23<15.0.4360.2
Microsoft SQL Server	>=16.0.1000.6<16.0.1115.1
Microsoft SQL Server	>=16.0.4003.1<16.0.4120.1
Visual Studio Professional 2019	>=16.0<16.11.35
Visual Studio Professional 2022	>=17.4.0<17.4.18
Visual Studio Professional 2022	>=17.6.0<17.6.14
Visual Studio Professional 2022	>=17.8.0<17.8.9
Visual Studio Professional 2022	>=17.9.0<17.9.6

Never miss a vulnerability like this again

Reference Links

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28935 (Advisory)

Frequently Asked Questions

What is the severity of CVE-2024-28935?
CVE-2024-28935 is classified as a remote code execution vulnerability that poses a significant risk.
How do I fix CVE-2024-28935?
To mitigate CVE-2024-28935, update the affected Microsoft ODBC Driver for SQL Server and Visual Studio to the latest versions as specified in the official patch notes.
Which versions of Visual Studio are affected by CVE-2024-28935?
CVE-2024-28935 affects Microsoft Visual Studio 2022 versions 17.4 and 17.9, and Visual Studio 2019 version 16.11.
What types of systems are vulnerable under CVE-2024-28935?
CVE-2024-28935 affects Windows, MacOS, and Linux systems that utilize the Microsoft ODBC Driver for SQL Server.
What are the potential impacts of CVE-2024-28935?
Exploitation of CVE-2024-28935 could allow an attacker to execute arbitrary code on the affected system, potentially compromising system security.

agent/title
agent/references
agent/type
agent/first-publish-date
agent/description
agent/severity
agent/author
agent/weakness
agent/event
collector/msrc
source/Microsoft
collector/msrc-cve
agent/source
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/tags
agent/softwarecombine
collector/nvd-api
source/NVD
vendor/microsoft
canonical/microsoft odbc driver 17 for sql server
canonical/microsoft odbc driver 18 for sql server
canonical/microsoft sql server 2022
canonical/microsoft sql server 2019
canonical/microsoft visual studio 2019
version/microsoft visual studio 2019/16.11
canonical/visual studio professional 2022
version/visual studio professional 2022/17.9
version/visual studio professional 2022/17.4
version/visual studio professional 2022/17.6
version/visual studio professional 2022/17.8
canonical/microsoft sql server
canonical/microsoft odbc driver 13 for sql server
version/microsoft odbc driver 13 for sql server/17.0.1.1
version/microsoft odbc driver 13 for sql server/18.0.1.1
version/microsoft sql server/15.0.2000.5
version/microsoft sql server/15.0.4003.23
version/microsoft sql server/16.0.1000.6
version/microsoft sql server/16.0.4003.1
canonical/visual studio professional 2019
version/visual studio professional 2019/16.0
version/visual studio professional 2022/17.4.0
version/visual studio professional 2022/17.6.0
version/visual studio professional 2022/17.8.0
version/visual studio professional 2022/17.9.0