
Multiple Microsoft SQL Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-49004 CVSS:8.8

Microsoft SQL Server could allow a remote attacker to execute arbitrary code on the system, caused by an error in the Native Client. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-49003 CVSS:8.8

Microsoft SQL Server could allow a remote attacker to execute arbitrary code on the system, caused by an error in the Native Client. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-49008 CVSS:8.8

Microsoft SQL Server could allow a remote attacker to execute arbitrary code on the system, caused by an error in the Native Client. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-48996 CVSS:8.8

Microsoft SQL Server could allow a remote attacker to execute arbitrary code on the system, caused by an error in the Native Client. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-48994 CVSS:8.8

Microsoft SQL Server could allow a remote attacker to execute arbitrary code on the system, caused by an error in the Native Client. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-49002 CVSS:8.8

Microsoft SQL Server could allow a remote attacker to execute arbitrary code on the system, caused by an error in the Native Client. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-49001 CVSS:8.8

Microsoft SQL Server could allow a remote attacker to execute arbitrary code on the system, caused by an error in the Native Client. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-49012 CVSS:8.8

Microsoft SQL Server could allow a remote attacker to execute arbitrary code on the system, caused by an error in the Native Client. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-48997 CVSS:8.8

Microsoft SQL Server could allow a remote attacker to execute arbitrary code on the system, caused by an error in the Native Client. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-49006 CVSS:8.8

Microsoft SQL Server could allow a remote attacker to execute arbitrary code on the system, caused by an error in the Native Client. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Impact

  • Code Execution

Indicators of Compromise

CVE

  • CVE-2024-49004
  • CVE-2024-49003
  • CVE-2024-49008
  • CVE-2024-48996
  • CVE-2024-48994
  • CVE-2024-49002
  • CVE-2024-49001
  • CVE-2024-49012
  • CVE-2024-48997
  • CVE-2024-49006

Affected Vendors

Microsoft

Affected Products

  • Microsoft SQL Server 2017 (GDR) - 14.0.0
  • Microsoft SQL Server 2019 (GDR) - 15.0.0
  • Microsoft SQL Server 2016 Service Pack 3 (GDR) - 13.0.0
  • Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack - 13.0.0

Remediation

Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.

  • CVE-2024-49004
  • CVE-2024-49003
  • CVE-2024-49008
  • CVE-2024-48996
  • CVE-2024-48994
  • CVE-2024-49002
  • CVE-2024-49001
  • CVE-2024-49012
  • CVE-2024-48997
  • CVE-2024-49006