What is the severity of CVE-2024-49001?

CVE-2024-49001 is categorized as a remote code execution vulnerability, which can allow an attacker to execute arbitrary code on the affected system.

How do I fix CVE-2024-49001?

To remediate CVE-2024-49001, apply the latest security patch provided by Microsoft for the affected SQL Server versions.

Which SQL Server versions are affected by CVE-2024-49001?

CVE-2024-49001 affects Microsoft SQL Server 2016, 2017, and 2019, including specific builds and patch levels.

What are the potential impacts of CVE-2024-49001?

Exploitation of CVE-2024-49001 can lead to unauthorized remote access and control of the SQL Server instance.

Is there a workaround for CVE-2024-49001?

While the best solution is to apply the patch, temporarily limiting network access to the SQL Server may reduce exposure until a fix can be implemented.

Vulnerability/
CVE-2024-49001

high

8.8

CWE

122

12/11/2024

30/1/2025

CVE-2024-49001: SQL Server Native Client Remote Code Execution Vulnerability

First published: Tue Nov 12 2024(Updated: )

SQL Server Native Client Remote Code Execution Vulnerability

Credit: secure@microsoft.com

Affected Software	Affected Version	How to fix
Microsoft SQL Server 2017		fix available externally
Microsoft SQL Server 2016 Azure Connect Feature Pack		fix available externally
Microsoft SQL Server 2019		fix available externally
Microsoft SQL Server		fix available externally
Microsoft SQL Server LocalDB 2016		fix available externally
Microsoft VSS Writer for SQL Server 2019		fix available externally
Microsoft SQL Server LocalDB 2016	>=13.0.6300.2<13.0.6455.2
Microsoft SQL Server LocalDB 2016	>=13.0.7000.253<13.0.7050.2
Microsoft SQL Server	>=14.0.1000.169<14.0.2070.1
Microsoft SQL Server	>=14.0.3006.16<14.0.3485.1
Microsoft VSS Writer for SQL Server 2019	>=15.0.2000.5<15.0.2130.3
Microsoft VSS Writer for SQL Server 2019	>=15.0.4003.23<15.0.4410.1

Remedy

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49001

Never miss a vulnerability like this again

Reference Links

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49001 (Advisory)

Frequently Asked Questions

What is the severity of CVE-2024-49001?
CVE-2024-49001 is categorized as a remote code execution vulnerability, which can allow an attacker to execute arbitrary code on the affected system.
How do I fix CVE-2024-49001?
To remediate CVE-2024-49001, apply the latest security patch provided by Microsoft for the affected SQL Server versions.
Which SQL Server versions are affected by CVE-2024-49001?
CVE-2024-49001 affects Microsoft SQL Server 2016, 2017, and 2019, including specific builds and patch levels.
What are the potential impacts of CVE-2024-49001?
Exploitation of CVE-2024-49001 can lead to unauthorized remote access and control of the SQL Server instance.
Is there a workaround for CVE-2024-49001?
While the best solution is to apply the patch, temporarily limiting network access to the SQL Server may reduce exposure until a fix can be implemented.

collector/msrc
source/Microsoft
agent/references
agent/first-publish-date
agent/type
agent/description
collector/msrc-cve
agent/title
agent/severity
agent/author
agent/weakness
agent/event
agent/remedy
agent/trending
agent/source
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
vendor/microsoft
canonical/microsoft sql server 2017
canonical/microsoft sql server 2016 azure connect feature pack
canonical/microsoft sql server 2019
canonical/microsoft sql server
canonical/microsoft sql server localdb 2016
canonical/microsoft vss writer for sql server 2019
version/microsoft sql server localdb 2016/13.0.6300.2
version/microsoft sql server localdb 2016/13.0.7000.253
version/microsoft sql server/14.0.1000.169
version/microsoft sql server/14.0.3006.16
version/microsoft vss writer for sql server 2019/15.0.2000.5
version/microsoft vss writer for sql server 2019/15.0.4003.23