About CVE-2023-32027, CVE-2023-32026, CVE-2023-32025, CVE-2023-29356, and CVE-2023-29349. Carefully observe and speculate on design weaknesses in ODBC and OLE DB remote code execution vulnerabilities. (June 16, 2023)

Preface: Since Microsoft didn’t provide details. In this example, no dangerous code is included, just my speculation about a design weakness in the ODBC Driver for SQL Server for this week’s Patch Tuesday.

Background: Switch to the new Microsoft OLE DB Driver (MSOLEDBSQL) for SQL Server or the latest Microsoft ODBC Driver for SQL Server going forward.
The SQL Server Native Client (often abbreviated SNAC) has been removed from SQL Server 2022 (16.x) and SQL Server Management Studio 19 (SSMS). The SQL Server Native Client (SQLNCLI or SQLNCLI11) and the legacy Microsoft OLE DB Provider for SQL Server (SQLOLEDB) are not recommended for new application development. Switch to the new Microsoft OLE DB Driver (MSOLEDBSQL) for SQL Server or the latest Microsoft ODBC Driver for SQL Server going forward. For SQLNCLI that ships as a component of SQL Server Database Engine (versions 2012 through 2019).

Vulnerability details:
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability:
CVE-2023-32027, CVE-2023-32026, CVE-2023-32025 , CVE-2023-29356
Microsoft ODBC and OLE DB Remote Code Execution Vulnerability
CVE-2023-29349

Office announcement: For details, please refer to link – https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29349

Cyber security technical information

About CVE-2023-32027, CVE-2023-32026, CVE-2023-32025, CVE-2023-29356, and CVE-2023-29349. Carefully observe and speculate on design weaknesses in ODBC and OLE DB remote code execution vulnerabilities. (June 16, 2023)

Leave a Reply Cancel reply

antihackingonline.com