Severity
High
Analysis Summary
CVE-2023-36785 CVSS:7.8
Microsoft SQL ODBC Driver could allow a local attacker to execute arbitrary code on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-36417 CVSS:7.8
Microsoft SQL OLE DB could allow a local attacker to execute arbitrary code on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-36420 CVSS 7.3
Microsoft SQL ODBC Driver could allow a local authenticated attacker to execute arbitrary code on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Code Execution
Indicators Of Compromise
CVE
- CVE-2023-36785
- CVE-2023-36417
- CVE-2023-36420
Affected Vendors
Microsoft
Affected Products
- Microsoft SQL Server 2019 for X64-based systems (GDR) x64
- Microsoft SQL Server 2022 for X64-based systems (GDR) x64
- Microsoft OLE DB Driver 19 for SQL Server
- Microsoft OLE DB Driver 18 for SQL Server
- Microsoft ODBC Driver 17 for SQL Server
- Microsoft SQL Server 2022 for x64-based Systems (CU 5)
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.