CVE-2024-37337 – This vulnerability in Microsoft SQL Server Nati... (How to Fix)

Q: What is the severity of CVE-2024-37337?

CVE-2024-37337 has a CVSS score of 7.1 (HIGH). This vulnerability in Microsoft SQL Server Native Scoring allows an authenticated attacker to read sensitive information from memory. It affects SQL Server instances where the Native Scoring feature is enabled, potentially exposing data that should remain confidential.

📋 TL;DR

This vulnerability in Microsoft SQL Server Native Scoring allows an authenticated attacker to read sensitive information from memory. It affects SQL Server instances where the Native Scoring feature is enabled, potentially exposing data that should remain confidential.

💻 Affected Systems

Products:

Microsoft SQL Server

Versions: Specific versions as listed in Microsoft's advisory (typically recent versions before patching)

Operating Systems: Windows Server, Linux (for SQL Server on Linux)

Default Config Vulnerable: ✅ No

Notes: Requires Native Scoring feature to be enabled and attacker to have authenticated access to the SQL Server instance.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker could extract sensitive data like credentials, encryption keys, or proprietary business information from SQL Server memory, leading to data breaches or further system compromise.

🟠

Likely Case

Information disclosure of memory contents that could include partial database records, configuration details, or other system information accessible to authenticated users.

🟢

If Mitigated

Limited impact with proper access controls and network segmentation, as authentication is required and the vulnerability doesn't allow code execution.

🌐 Internet-Facing: MEDIUM - While authentication is required, exposed SQL Server instances could be targeted by attackers who obtain credentials through other means.

🏢 Internal Only: MEDIUM - Internal attackers or compromised accounts could exploit this to gather sensitive information for lateral movement or data exfiltration.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires authenticated access and knowledge of the Native Scoring feature. No public exploit code available at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Microsoft's security update for specific version numbers

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37337

Restart Required: Yes

Instructions:

1. Apply the latest Microsoft SQL Server security update from Windows Update or Microsoft Update Catalog. 2. Restart the SQL Server service. 3. Verify the patch is applied by checking the SQL Server version.

🔧 Temporary Workarounds

Disable Native Scoring

all

Disable the Native Scoring feature if not required for your workload

EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'native scoring', 0;
RECONFIGURE;

Restrict Access

all

Limit access to SQL Server to only necessary users and applications

🧯 If You Can't Patch

Implement strict access controls and principle of least privilege for SQL Server accounts
Segment SQL Server instances from untrusted networks and monitor for unusual access patterns

🔍 How to Verify

Check if Vulnerable:

Check if Native Scoring is enabled: EXEC sp_configure 'native scoring'; If value is 1, feature is enabled.

Check Version:

SELECT @@VERSION;

Verify Fix Applied:

Verify SQL Server version matches patched version from Microsoft advisory and Native Scoring configuration remains secure.

📡 Detection & Monitoring

Log Indicators:

Unusual Native Scoring usage patterns
Multiple failed authentication attempts followed by successful login
Unexpected memory access patterns in SQL Server logs

Network Indicators:

Unusual SQL Server connections from unexpected sources
High volume of Native Scoring queries

SIEM Query:

source="sql_server" AND (event_id=18454 OR event_id=18453) AND process_name LIKE "%native%scoring%"

📊 Metadata

CVE ID: CVE-2024-37337

CVSS v3 Score: 7.1 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

CWE: CWE-197

Published: September 10, 2024

Last Updated: September 23, 2024

🔗 References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37337 Patch,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-37337, you might also want to check these: