Microsoft SQL Server Remote Code Execution Vulnerability
CVE-2023-23384

7.3HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Sql Server 2008 Service Pack 4 (qfe); Microsoft Sql Server 2012 Service Pack 4 (qfe); Microsoft Sql Server 2012 For X64-based Systems Service Pack 4 (qfe); Microsoft Sql Server 2017 (gdr)
Vendor: CVE Published:; 11 April 2023

Summary

A significant vulnerability in Microsoft SQL Server could allow an attacker to execute arbitrary code remotely, potentially compromising the integrity and confidentiality of the database environment. This vulnerability poses a threat to user data and overall system security, making it crucial for organizations to apply necessary updates and mitigations promptly. For more details, please refer to the official Microsoft advisory.

Affected Version(s)

Microsoft SQL Server 2008 R2 Service Pack 3 (QFE) 32-bit Systems 10.0.0 < 10.50.6785.2

Microsoft SQL Server 2008 Service Pack 4 (QFE) 32-bit Systems 10.0.0 < 10.0.6814.4

Microsoft SQL Server 2012 for x64-based Systems Service Pack 4 (QFE) x64-based Systems 11.0.0 < 11.0.7512.11

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 11, 2023
Vulnerability Reserved
Jan 11, 2023