KLA65509 Multiple vulnerabilities in Microsoft SQL Server

2024-04-09 00:00:00
Kaspersky Lab
threats.kaspersky.com
microsoft sql server
malicious users
arbitrary code
security vulnerabilities
update installation

CVSS3: 8.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

AI Score: 9.9 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 39.0%)

Multiple vulnerabilities were found in Microsoft SQL Server. Malicious users can exploit these vulnerabilities to execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability in Microsoft OLE DB Driver for SQL Server can be exploited remotely to execute arbitrary code.
  2. A remote code execution vulnerability in Microsoft ODBC Driver for SQL Server can be exploited remotely to execute arbitrary code.

Original advisories

CVE-2024-28942
CVE-2024-28911
CVE-2024-28910
CVE-2024-29044
CVE-2024-28931
CVE-2024-29985
CVE-2024-28915
CVE-2024-28935
CVE-2024-29982
CVE-2024-28933
CVE-2024-29045
CVE-2024-28927
CVE-2024-28936
CVE-2024-28943
CVE-2024-28938
CVE-2024-28906
CVE-2024-28930
CVE-2024-28940
CVE-2024-28914
CVE-2024-28908
CVE-2024-29048
CVE-2024-28932
CVE-2024-29047
CVE-2024-28945
CVE-2024-28929
CVE-2024-28912
CVE-2024-28926
CVE-2024-28941
CVE-2024-28934
CVE-2024-29984
CVE-2024-29046
CVE-2024-29983
CVE-2024-28909
CVE-2024-28937
CVE-2024-29043
CVE-2024-28913
CVE-2024-28944
CVE-2024-28939

Related products

Microsoft-SQL-Server
Microsoft-Windows

CVE list

CVE-2024-28933 high
CVE-2024-28931 high
CVE-2024-28932 high
CVE-2024-28936 high
CVE-2024-28937 high
CVE-2024-28935 high
CVE-2024-28938 high
CVE-2024-28929 high
CVE-2024-28930 high
CVE-2024-28934 high
CVE-2024-28942 high
CVE-2024-28911 high
CVE-2024-28910 high
CVE-2024-29044 high
CVE-2024-29985 high
CVE-2024-28915 high
CVE-2024-29982 high
CVE-2024-29045 high
CVE-2024-28927 high
CVE-2024-28943 high
CVE-2024-28906 high
CVE-2024-28940 high
CVE-2024-28914 high
CVE-2024-28908 high
CVE-2024-29048 high
CVE-2024-29047 high
CVE-2024-28945 high
CVE-2024-28912 high
CVE-2024-28926 high
CVE-2024-28941 high
CVE-2024-29984 high
CVE-2024-29046 high
CVE-2024-29983 high
CVE-2024-28909 high
CVE-2024-29043 high
CVE-2024-28913 high
CVE-2024-28944 high
CVE-2024-28939 high

KB list

5036335
5037572
5037571
5037570
5035434
5035432
5037573
5036343

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can allow an attacker to execute any code or commands on the vulnerable machine or in the vulnerable process.

Affected Products

  • Microsoft ODBC Driver 18 for SQL Server on Windows
  • Microsoft SQL Server 2022 for x64-based Systems (CU 12)
  • Microsoft SQL Server 2019 for x64-based Systems (GDR)
  • Microsoft ODBC Driver 18 for SQL Server on MacOS
  • Microsoft SQL Server 2022 for x64-based Systems (GDR)
  • Microsoft ODBC Driver 17 for SQL Server on Windows
  • Microsoft ODBC Driver 17 for SQL Server on Linux
  • Microsoft SQL Server 2019 for x64-based Systems (CU 25)
  • Microsoft ODBC Driver 17 for SQL Server on MacOS
  • Microsoft OLE DB Driver 18 for SQL Server
  • Microsoft ODBC Driver 18 for SQL Server on Linux
  • Microsoft OLE DB Driver 19 for SQL Server
