CVE-2024-28940 – This vulnerability in Microsoft OLE DB Driver f... (How to Fix)

Q: What is the severity of CVE-2024-28940?

CVE-2024-28940 has a CVSS score of 8.8 (HIGH). This vulnerability in Microsoft OLE DB Driver for SQL Server allows remote attackers to execute arbitrary code on affected systems by sending specially crafted requests. It affects applications using the vulnerable driver to connect to SQL Server databases. The vulnerability is exploitable without authentication in certain configurations.

📋 TL;DR

This vulnerability in Microsoft OLE DB Driver for SQL Server allows remote attackers to execute arbitrary code on affected systems by sending specially crafted requests. It affects applications using the vulnerable driver to connect to SQL Server databases. The vulnerability is exploitable without authentication in certain configurations.

💻 Affected Systems

Products:

Microsoft OLE DB Driver for SQL Server

Versions: Specific versions as listed in Microsoft advisory (typically recent versions before patch)

Operating Systems: Windows, Linux (if driver supports)

Default Config Vulnerable: ⚠️ Yes

Notes: Applications using the vulnerable OLE DB driver component are affected regardless of SQL Server version.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with attacker gaining SYSTEM/administrator privileges, enabling data theft, ransomware deployment, or persistent backdoor installation.

🟠

Likely Case

Attacker gains initial foothold on database server, then pivots to other systems in the network, potentially leading to data exfiltration or lateral movement.

🟢

If Mitigated

Attack blocked at network perimeter or detected by security controls before code execution occurs.

🌐 Internet-Facing: HIGH if SQL Server with OLE DB Driver is exposed to internet without proper segmentation.

🏢 Internal Only: MEDIUM to HIGH depending on network segmentation and access controls.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

CWE-122 indicates heap-based buffer overflow, which typically requires specific conditions to exploit reliably.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Microsoft Security Update Guide for specific version

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28940

Restart Required: Yes

Instructions:

1. Download latest OLE DB Driver from Microsoft Download Center
2. Stop applications using the driver
3. Install updated driver
4. Restart affected services/systems
5. Test application connectivity

🔧 Temporary Workarounds

Network Segmentation

windows

Restrict network access to SQL Server ports (1433, 1434) to only trusted sources

Windows Firewall: New-NetFirewallRule -DisplayName "Block SQL Ports" -Direction Inbound -LocalPort 1433,1434 -Protocol TCP -Action Block

Application Whitelisting

all

Prevent execution of unauthorized binaries that might be dropped by exploit

🧯 If You Can't Patch

Implement strict network segmentation to isolate SQL Server from untrusted networks
Deploy intrusion prevention systems (IPS) with rules to detect and block exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check OLE DB Driver version against patched versions in Microsoft advisory

Check Version:

Windows: Check driver properties in ODBC Data Source Administrator or registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSOLEDBSQL

Verify Fix Applied:

Verify installed OLE DB Driver version matches or exceeds patched version

📡 Detection & Monitoring

Log Indicators:

Unusual process creation from SQL Server service
Failed authentication attempts followed by buffer overflow patterns
Windows Event ID 4688 with suspicious parent process

Network Indicators:

Unusual SQL protocol traffic patterns
Connection attempts to SQL Server from unexpected sources
Large or malformed SQL packets

SIEM Query:

source="windows" EventCode=4688 (NewProcessName=*cmd* OR NewProcessName=*powershell*) AND ParentProcessName="sqlservr.exe"

📊 Metadata

CVE ID: CVE-2024-28940

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-122

Published: April 9, 2024

Last Updated: January 15, 2025

🔗 References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28940 Vendor Advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28940 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-28940, you might also want to check these: