SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-35272

8.8HIGH

Key Information:

Vendor

Microsoft
Status
Microsoft Visual Studio 2017 Version 15.9 (includes 15.0 - 15.8)
Microsoft Visual Studio 2019 Version 16.11 (includes 16.0 - 16.10)
Microsoft Visual Studio 2022 Version 17.6
Microsoft Visual Studio 2022 Version 17.8
Vendor
CVE Published:
9 July 2024

What is CVE-2024-35272?

The SQL Server Native Client OLE DB Provider contains a vulnerability that allows remote code execution through crafted input. Attackers with the ability to send a specially crafted request to an affected SQL Server could exploit this vulnerability, potentially leading to unauthorized access and control over systems. Proper patching of affected systems is crucial to mitigate risks associated with this vulnerability, as it can expose sensitive data and compromise system integrity. For more details, refer to Microsoft's advisory.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Microsoft SQL Server 2016 Service Pack 3 (GDR) x64-based Systems 13.0.0 < 13.0.6441.1

Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack x64-based Systems 13.0.0 < 13.0.7037.1

Microsoft SQL Server 2017 (CU 31) x64-based Systems 14.0.0 < 14.0.3471.2

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

JSON
.