Kaspersky LabKLA48844KLA48844 Multiple vulnerabilities in Microsoft SQL Server
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0 Low
EPSS
Percentile
46.0%
Detect date:
04/11/2023
Severity:
High
Description:
Multiple vulnerabilities were found in Microsoft SQL Server. Malicious users can exploit these vulnerabilities to execute arbitrary code.
Affected products:
Microsoft OLE DB Driver 19 for SQL Server
Microsoft SQL Server 2022 for x64-based Systems (GDR)
Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (GDR)
Microsoft SQL Server 2019 for x64-based Systems (GDR)
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connectivity Pack
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR)
Microsoft SQL Server 2017 for x64-based Systems (GDR)
Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (GDR)
Microsoft OLE DB Driver 18 for SQL Server
Microsoft SQL Server 2017 for x64-based Systems (CU 31)
Microsoft SQL Server 2019 for x64-based Systems (CU 18)
Microsoft ODBC Driver 17 for SQL Server
Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU 4)
Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (CU 4)
Microsoft ODBC Driver 18 for SQL Server
Solution:
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories:
CVE-2023-23384
CVE-2023-23375
CVE-2023-28304
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2023-233847.3High
CVE-2023-233757.8Critical
CVE-2023-283047.8Critical
KB list:
5021124
5021037
5021129
5021125
5021127
5021126
5021045
5021128
5021522
Microsoft official advisories:
References
support.microsoft.com/kb/5021037
support.microsoft.com/kb/5021045
support.microsoft.com/kb/5021124
support.microsoft.com/kb/5021125
support.microsoft.com/kb/5021126
support.microsoft.com/kb/5021127
support.microsoft.com/kb/5021128
support.microsoft.com/kb/5021129
support.microsoft.com/kb/5021522
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23375
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23384
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28304
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23375
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23384
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28304
portal.msrc.microsoft.com/en-us/security-guidance
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/Microsoft-SQL-Server/
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0 Low
EPSS
Percentile
46.0%