What is the severity of CVE-2024-37334?

CVE-2024-37334 has been assigned a high severity rating due to its potential for remote code execution.

How do I fix CVE-2024-37334?

To fix CVE-2024-37334, you should apply the relevant security updates and patches provided by Microsoft for affected OLE DB drivers.

Which products are affected by CVE-2024-37334?

CVE-2024-37334 affects several versions of the Microsoft OLE DB Driver for SQL Server and SQL Server 2019 and 2022.

What type of vulnerability is CVE-2024-37334?

CVE-2024-37334 is a remote code execution vulnerability that can be exploited when an attacker sends specially crafted requests to the affected software.

Has CVE-2024-37334 been exploited in the wild?

As of now, there is no public evidence indicating that CVE-2024-37334 has been actively exploited in the wild.

Vulnerability/
CVE-2024-37334

high

8.8

CWE

122

9/7/2024

11/3/2025

CVE-2024-37334: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

First published: Tue Jul 09 2024(Updated: )

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Credit: secure@microsoft.com

Affected Software	Affected Version	How to fix
Microsoft OLE DB Driver 19 for SQL Server		fix available externally
Microsoft OLE DB Driver 18 for SQL Server		fix available externally
Microsoft SQL Server 2019 for Linux Containers		fix available externally
Microsoft SQL Server 2022		fix available externally
Microsoft SQL Server		fix available externally
Microsoft VSS Writer for SQL Server 2019		fix available externally
Microsoft OLE DB Driver 18 for SQL Server	>=18.0.2<18.7.0004.0
Microsoft OLE DB Driver 18 for SQL Server	>=19.0.0<19.3.0005.0
Microsoft VSS Writer for SQL Server 2019	<15.0.2116.2
Microsoft VSS Writer for SQL Server 2019	>=15.0.4375.4<15.0.4382.1
Microsoft SQL Server	<16.0.1121.4
Microsoft SQL Server	>=16.0.4125.3<16.0.4131.2

Remedy

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37334

Never miss a vulnerability like this again

Reference Links

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37334 (Advisory)

Frequently Asked Questions

What is the severity of CVE-2024-37334?
CVE-2024-37334 has been assigned a high severity rating due to its potential for remote code execution.
How do I fix CVE-2024-37334?
To fix CVE-2024-37334, you should apply the relevant security updates and patches provided by Microsoft for affected OLE DB drivers.
Which products are affected by CVE-2024-37334?
CVE-2024-37334 affects several versions of the Microsoft OLE DB Driver for SQL Server and SQL Server 2019 and 2022.
What type of vulnerability is CVE-2024-37334?
CVE-2024-37334 is a remote code execution vulnerability that can be exploited when an attacker sends specially crafted requests to the affected software.
Has CVE-2024-37334 been exploited in the wild?
As of now, there is no public evidence indicating that CVE-2024-37334 has been actively exploited in the wild.

collector/msrc
source/Microsoft
agent/references
agent/type
agent/description
agent/first-publish-date
collector/msrc-cve
agent/software-canonical-lookup
agent/title
agent/severity
agent/weakness
agent/author
agent/event
agent/remedy
agent/source
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/mitre-cve
source/MITRE
agent/last-modified-date
collector/nvd-api
source/NVD
vendor/microsoft
canonical/microsoft ole db driver 19 for sql server
canonical/microsoft ole db driver 18 for sql server
canonical/microsoft sql server 2019 for linux containers
canonical/microsoft sql server 2022
canonical/microsoft sql server
canonical/microsoft vss writer for sql server 2019
version/microsoft ole db driver 18 for sql server/18.0.2
version/microsoft ole db driver 18 for sql server/19.0.0
version/microsoft vss writer for sql server 2019/15.0.4375.4
version/microsoft sql server/16.0.4125.3