March 10, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Multiple Microsoft Windows Vulnerabilities
April 15, 2024Roku Data Breach Impacts More Than Half a Million Users
April 15, 2024Multiple Microsoft Windows Vulnerabilities
April 15, 2024Roku Data Breach Impacts More Than Half a Million Users
April 15, 2024
Severity
High
Analysis Summary
CVE-2024-28940 CVSS:8.8
Microsoft OLE DB Driver for SQL Server could allow a remote attacker to execute arbitrary code on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-28944 CVSS:8.8
Microsoft OLE DB Driver for SQL Server could allow a remote attacker to execute arbitrary code on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-28908 CVSS:8.8
Microsoft OLE DB Driver for SQL Server could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-29985 CVSS:8.8
Microsoft OLE DB Driver for SQL Server could allow a remote attacker to execute arbitrary code on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-28945 CVSS:8.8
Microsoft OLE DB Driver for SQL Server could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-28913 CVSS:8.8
Microsoft OLE DB Driver for SQL Server could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-28939 CVSS:8.8
Microsoft OLE DB Driver for SQL Server could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-28906 CVSS:8.8
Microsoft OLE DB Driver for SQL Server could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-28934 CVSS:8.8
Microsoft OLE DB Driver for SQL Server could allow a remote attacker to execute arbitrary code on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-28942 CVSS:8.8
Microsoft OLE DB Driver for SQL Server could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Gain Access
Indicators of Compromise
CVE
- CVE-2024-28940
- CVE-2024-28944
- CVE-2024-28908
- CVE-2024-29985
- CVE-2024-28945
- CVE-2024-28942
- CVE-2024-28913
- CVE-2024-28939
- CVE-2024-28906
- CVE-2024-28934
Affected Vendors
Microsoft
Affected Products
- Microsoft SQL Server 2019 for X64-based systems (GDR) x64
- Microsoft SQL Server 2022 for X64-based systems (GDR) x64
- Microsoft OLE DB Driver 19 for SQL Server
- Microsoft OLE DB Driver 18 for SQL Server
- Microsoft ODBC Driver 17 for SQL Server on Linux
- Microsoft ODBC Driver 17 for SQL Server on MacOS
- Microsoft ODBC Driver 17 for SQL Server on Windows
- Microsoft ODBC Driver 18 for SQL Server on Linux
- Microsoft ODBC Driver 18 for SQL Server on MacOS
- Microsoft ODBC Driver 18 for SQL Server on Windows
- Microsoft SQL Server 2019 for x64-based Systems (CU 25)
- Microsoft SQL Server 2022 for x64-based Systems (CU 12)
- Microsoft Visual Studio 2022 version 17.9
- Microsoft Visual Studio 2022 version 17.8
- Microsoft Visual Studio 2022 version 17.6
- Microsoft Visual Studio 2022 version 17.4
- Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.