Rewterz Threat Advisory – CVE-2023-24892 – CVE-2023-23384 – Microsoft SQL Server Vulnerability

Severity

High

Analysis Summary

CVE-2023-23384

Microsoft SQL Server could allow a remote attacker to execute arbitrary code on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Impact

• Code Execution

Indicators Of Compromise

CVE

• CVE-2023-23384

Affected Vendors

Microsoft

Affected Products

• Microsoft SQL Server 2008 SP4 x32
• Microsoft SQL Server 2008 SP4 x64
• Microsoft SQL Server 2008 R2 for 32-Bit Systems Service Pack 3 (QFE) x64
• Microsoft SQL Server 2008 R2 for x64-Based Systems Service Pack 3 (QFE) x64
• Microsoft SQL Server 2012 for 32-bit Systems Service Pack 4 (QFE) x64
• Microsoft SQL Server 2012 for x64-based Systems Service Pack 4 (QFE) x64
• Microsoft SQL Server 2014 for 32-bit systems Service Pack 3 (CU 4) x64
• Microsoft SQL Server 2014 for 32-bit systems Service Pack 3 (GDR) x64
• Microsoft SQL Server 2014 for X64-based systems Service Pack 3 (CU 4) x64
• Microsoft SQL Server 2014 for X64-based systems Service Pack 3 (GDR) x64
• Microsoft SQL Server 2016 for X64-based systems Service Pack 3 (GDR) x64
• Microsoft SQL Server 2016 for X64-based systems Service Pack 3 Azure Connectivity Pack x64
• Microsoft SQL Server 2017 for X64-based systems (CU 31) x64
• Microsoft SQL Server 2017 for X64-based systems (GDR) x64
• Microsoft SQL Server 2019 for X64-based systems (CU 18) x64
• Microsoft SQL Server 2019 for X64-based systems (GDR) x64
• Microsoft SQL Server 2022 for X64-based systems (GDR) x64

Remediation

Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.

Microsoft Security Update Guide