CVE-2024-28910

8.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on systems using Microsoft OLE DB Driver for SQL Server by sending specially crafted requests. It affects applications and services that use this driver to connect to SQL Server databases. Attackers could gain full control of affected systems.

💻 Affected Systems

Products:
  • Microsoft OLE DB Driver for SQL Server
Versions: All versions prior to the patched release
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Any application using the vulnerable OLE DB driver version is affected, regardless of SQL Server version.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise leading to data theft, ransomware deployment, or persistent backdoor installation across the enterprise.

🟠 Likely Case

Attacker gains initial foothold on database servers, then moves laterally to compromise sensitive data and critical systems.

🟢 If Mitigated

Attack contained to isolated database server segment with minimal data exposure due to network segmentation and least privilege.

🌐 Internet-Facing: HIGH if SQL Server connections are exposed to the internet; attackers can exploit directly without internal access.
🏢 Internal Only: HIGH due to potential for lateral movement once attacker gains internal network access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires network access to systems using the vulnerable driver, but no authentication is needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Latest version from Microsoft Update Catalog

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28910

Restart Required: Yes

Instructions:

1. Apply Microsoft security updates via Windows Update or Microsoft Update Catalog.
2. Restart affected systems.
3. Update all applications using OLE DB Driver for SQL Server.

🔧 Temporary Workarounds

Network Segmentation (platform: all)

Restrict network access to SQL Server connections using firewall rules.

Application Whitelisting (platform: windows)

Block unauthorized applications from using OLE DB drivers.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate database servers
  • Deploy intrusion detection systems to monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check OLE DB Driver version in installed programs or registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSOLEDBSQL

Check Version:

reg query "HKLM\SOFTWARE\Microsoft\MSOLEDBSQL" /v Version

Verify Fix Applied:

Verify that the updated driver version is installed and no longer matches the vulnerable versions.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL connection attempts
  • Failed authentication from unexpected sources
  • Process creation from SQL-related services

Network Indicators:

  • Anomalous SQL protocol traffic patterns
  • Unexpected outbound connections from database servers

SIEM Query:

source="*sql*" AND (event_id=4625 OR process_name="sqlservr.exe") AND dest_ip=INTERNAL_DB_SERVER
