First published: Tue Nov 12 2024(Updated: )
SQL Server Native Client Remote Code Execution Vulnerability
Credit: secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft SQL Server 2019 | ||
Microsoft SQL Server 2017 | ||
Microsoft SQL Server 2016 | ||
Microsoft SQL Server 2016 Azure Connect Feature Pack | ||
Microsoft SQL Server 2017 (CU 31) | ||
Microsoft SQL Server 2019 (CU 29) | ||
Microsoft SQL Server 2016 | >=13.0.6300.2<13.0.6455.2 | |
Microsoft SQL Server 2016 | >=13.0.7000.253<13.0.7050.2 | |
Microsoft SQL Server 2017 | >=14.0.1000.169<14.0.2070.1 | |
Microsoft SQL Server 2017 | >=14.0.3006.16<14.0.3485.1 | |
Microsoft SQL Server 2019 | >=15.0.2000.5<15.0.2130.3 | |
Microsoft SQL Server 2019 | >=15.0.4003.23<15.0.4410.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2024-49005 has been assessed as a critical vulnerability due to the potential for remote code execution.
To address CVE-2024-49005, apply the latest security updates or patches provided by Microsoft for the affected SQL Server versions.
CVE-2024-49005 affects Microsoft SQL Server 2016, 2017, and 2019, particularly certain versions and cumulative updates.
Exploitation of CVE-2024-49005 could allow an attacker to execute arbitrary code remotely on the affected SQL Server instance.
There are no specific workarounds for CVE-2024-49005; the recommended mitigation is to apply the provided patches promptly.