CVE-2024-37965: Microsoft SQL Server Elevation of Privilege Vulnerability
First published: Tue Sep 10 2024(Updated: )
Microsoft SQL Server Elevation of Privilege Vulnerability
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft SQL Server 2017 | ||
| Microsoft SQL Server 2019 for Linux Containers | ||
| Microsoft SQL Server 2022 | ||
| Microsoft SQL Server 2016 Azure Connect Feature Pack | ||
| Microsoft SQL Server | ||
| Microsoft SQL Server 2016 T-SQL Language Service | ||
| Microsoft SQL Server 2016 T-SQL Language Service | >=13.0.6300.2<13.0.6445.1 | |
| Microsoft SQL Server 2016 T-SQL Language Service | >=13.0.7000.253<13.0.7040.1 | |
| Microsoft SQL Server | >=14.0.1000.169<14.0.2060.1 | |
| Microsoft SQL Server | >=14.0.3006.16<14.0.3475.1 | |
| Microsoft SQL Server | >=15.0.2000.5<15.0.2120.1 | |
| Microsoft SQL Server | >=15.0.4003.23<15.0.4390.2 | |
| Microsoft SQL Server | >=16.0.1000.6<16.0.1125.1 | |
| Microsoft SQL Server | >=16.0.4003.1<16.0.4140.3 | |
| Microsoft SQL Server | ||
| Microsoft SQL Server |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-37965?
CVE-2024-37965 is classified as an Elevation of Privilege vulnerability in Microsoft SQL Server.
How do I fix CVE-2024-37965?
To fix CVE-2024-37965, apply the latest security patches provided by Microsoft for the affected versions of SQL Server.
Which products are affected by CVE-2024-37965?
CVE-2024-37965 affects Microsoft SQL Server 2016, 2017, 2019, and 2022 across several update levels.
What versions of SQL Server are vulnerable to CVE-2024-37965?
Vulnerable versions include SQL Server 2016 SP3, SQL Server 2017 (CU 31), SQL Server 2019 (up to CU 28), and SQL Server 2022.
What are the potential impacts of exploiting CVE-2024-37965?
Exploiting CVE-2024-37965 could allow an attacker to gain elevated privileges, potentially compromising database security.
- agent/references
- agent/title
- agent/type
- collector/msrc-cve
- source/Microsoft
- agent/description
- agent/first-publish-date
- collector/msrc
- agent/weakness
- agent/severity
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/last-modified-date
- agent/event
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- vendor/microsoft
- canonical/microsoft sql server 2017
- canonical/microsoft sql server 2019 for linux containers
- canonical/microsoft sql server 2022
- canonical/microsoft sql server 2016 azure connect feature pack
- canonical/microsoft sql server
- canonical/microsoft sql server 2016 t-sql language service
- version/microsoft sql server 2016 t-sql language service/13.0.6300.2
- version/microsoft sql server 2016 t-sql language service/13.0.7000.253
- version/microsoft sql server/14.0.1000.169
- version/microsoft sql server/14.0.3006.16
- version/microsoft sql server/15.0.2000.5
- version/microsoft sql server/15.0.4003.23
- version/microsoft sql server/16.0.1000.6
- version/microsoft sql server/16.0.4003.1