Preface: Microsoft did not provide details, so this post contains no dangerous code, just my speculation about a design weakness in the ODBC Driver for SQL Server addressed in this week's Patch Tuesday.
Background: The SQL Server Native Client (often abbreviated SNAC) has been removed from SQL Server 2022 (16.x) and SQL Server Management Studio 19 (SSMS). The SQL Server Native Client (SQLNCLI or SQLNCLI11) and the legacy Microsoft OLE DB Provider for SQL Server (SQLOLEDB) are not recommended for new application development. Switch to the new Microsoft OLE DB Driver (MSOLEDBSQL) for SQL Server or the latest Microsoft ODBC Driver for SQL Server going forward. For SQLNCLI that ships as a component of SQL Server Database Engine (versions 2012 through 2019).
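A practical first step in acting on this advice is to find out which of your applications still reference the legacy providers or drivers. The script below is an added example and not part of the original post or of any Microsoft tooling: it parses OLE DB and ODBC style connection strings, flags the deprecated names the text mentions (SQLNCLI, SQLNCLI11, SQLOLEDB) and reports the recommended replacement. The sample connection strings are constructed for illustration, and the ODBC driver names "SQL Server Native Client 11.0" (the name SNAC registers for ODBC) and "ODBC Driver 18 for SQL Server" are assumptions drawn from the author's environment rather than from the post.

```python
# Constructed sample connection strings (not from the post); they mix the legacy
# names the text warns about with the recommended MSOLEDBSQL / ODBC Driver names.
SAMPLE_CONNECTION_STRINGS = [
    "Provider=SQLNCLI11;Data Source=db01;Initial Catalog=app;Integrated Security=SSPI;",
    "Provider=SQLOLEDB;Data Source=db02;Initial Catalog=app;User ID=svc;Password=placeholder;",
    "Driver={SQL Server Native Client 11.0};Server=db03;Database=app;Trusted_Connection=yes;",
    "Provider=MSOLEDBSQL;Data Source=db04;Initial Catalog=app;Integrated Security=SSPI;",
    "Driver={ODBC Driver 18 for SQL Server};Server=db05;Database=app;Encrypt=yes;",
]

# OLE DB ProgIDs named in the text as deprecated.
LEGACY_PROVIDERS = {"SQLNCLI", "SQLNCLI11", "SQLOLEDB"}

# ODBC driver names that map to the same legacy code. Assumption: these are the
# names SNAC and the old Windows-bundled driver register under; adjust for your estate.
LEGACY_ODBC_DRIVERS = {"SQL SERVER NATIVE CLIENT 11.0", "SQL SERVER"}

RECOMMENDED = {
    "oledb": "MSOLEDBSQL (Microsoft OLE DB Driver for SQL Server)",
    "odbc": "ODBC Driver 18 for SQL Server (latest Microsoft ODBC Driver)",
}


def parse_connection_string(conn):
    """Split 'key=value;key=value' into a dict with upper-cased keys.
    Braces around values are removed, since ODBC driver names are usually braced."""
    parts = {}
    for item in conn.split(";"):
        if "=" not in item:
            continue
        key, _, value = item.partition("=")
        parts[key.strip().upper()] = value.strip().strip("{}")
    return parts


def classify(conn):
    """Return (status, name_found, recommendation).
    status is 'legacy', 'current' or 'unknown'; recommendation is None unless legacy."""
    parts = parse_connection_string(conn)
    if "PROVIDER" in parts:  # OLE DB style connection string
        raw = parts["PROVIDER"]
        prog_id = raw.split(".")[0].upper()  # 'SQLNCLI11.1' -> 'SQLNCLI11' (versioned ProgID)
        if prog_id in LEGACY_PROVIDERS:
            return ("legacy", raw, RECOMMENDED["oledb"])
        if prog_id == "MSOLEDBSQL":
            return ("current", raw, None)
        return ("unknown", raw, None)
    if "DRIVER" in parts:  # ODBC style connection string
        raw = parts["DRIVER"]
        name = raw.upper()
        if name in LEGACY_ODBC_DRIVERS:
            return ("legacy", raw, RECOMMENDED["odbc"])
        if name.startswith("ODBC DRIVER ") and name.endswith(" FOR SQL SERVER"):
            return ("current", raw, None)
        return ("unknown", raw, None)
    return ("unknown", None, None)


def audit(conn_strings):
    """Return (name_found, recommendation) for every connection string that still
    uses a legacy provider or driver; current and unknown entries are left out."""
    findings = []
    for conn in conn_strings:
        status, found, rec = classify(conn)
        if status == "legacy":
            findings.append((found, rec))
    return findings


if __name__ == "__main__":
    for found, rec in audit(SAMPLE_CONNECTION_STRINGS):
        print(f"legacy driver/provider '{found}' -> migrate to {rec}")
```

Point `audit()` at connection strings harvested from your own config files, DSN registrations or application settings; anything it reports as "unknown" deserves a manual look rather than being assumed safe, since a third-party provider or an unusual driver name will not match either list.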
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability:
CVE-2023-32027, CVE-2023-32026, CVE-2023-32025, CVE-2023-29356
Microsoft ODBC and OLE DB Remote Code Execution Vulnerability
Official announcement: for details, please refer to https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29349