KLA61355 Multiple vulnerabilities in Microsoft SQL Server

Detect date:

10/10/2023

Severity:

High

Description:

Multiple vulnerabilities were found in Microsoft SQL Server. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service.

Affected products:

Microsoft SQL Server 2022 for x64-based Systems (GDR)
Microsoft SQL Server 2019 for x64-based Systems (CU 22)
Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (GDR)
Microsoft ODBC Driver 17 for SQL Server on Linux
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack
Microsoft SQL Server 2019 for x64-based Systems (GDR)
Microsoft ODBC Driver 17 for SQL Server on MacOS
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR)
Microsoft OLE DB Driver 19 for SQL Server
Microsoft SQL Server 2022 for x64-based Systems (CU 8)
Microsoft ODBC Driver 17 for SQL Server on Windows
Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (CU 4)
Microsoft ODBC Driver 18 for SQL Server on Linux
Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (GDR)
Microsoft SQL Server 2017 for x64-based Systems (GDR)
Microsoft ODBC Driver 18 for SQL Server on Windows
Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU 4)
Microsoft OLE DB Driver 18 for SQL Server
Microsoft SQL Server 2017 for x64-based Systems (CU 31)
Microsoft ODBC Driver 18 for SQL Server on MacOS

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2023-36730
CVE-2023-36728
CVE-2023-36420
CVE-2023-36417
CVE-2023-36785

Impacts:

ACE

Related products:

Microsoft SQL Server

KB list:

5029184
5029185
5029187
5029376
5029375
5029379
5029377
5029186
5029378
5029503