SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49018

8.8HIGH

Key Information:

Vendor

Microsoft
Status
Microsoft Sql Server 2017 (gdr)
Microsoft Sql Server 2019 (gdr)
Microsoft Sql Server 2016 Service Pack 3 (gdr)
Microsoft Sql Server 2016 Service Pack 3 Azure Connect Feature Pack
Vendor
CVE Published:
12 November 2024

What is CVE-2024-49018?

The SQL Server Native Client presents a vulnerability that could allow for remote code execution. This flaw can occur when the SQL Server Native Client does not properly handle certain requests. Exploiting this vulnerability lets an attacker potentially execute arbitrary code on the affected system, compromising sensitive data and affecting overall system integrity. It is critical for users and administrators of the SQL Server Native Client to apply the necessary updates and patches to secure their systems and mitigate the risk of exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Microsoft SQL Server 2016 Service Pack 3 (GDR) x64-based Systems 13.0.0 < 13.0.6455.2

Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack x64-based Systems 13.0.0 < 13.0.7050.2

Microsoft SQL Server 2017 (CU 31) x64-based Systems 14.0.0 < 14.0.3485.1

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

JSON
.