CVE-2023-28304 is a high-severity vulnerability affecting Microsoft ODBC and OLE DB, which are components used in various systems. This vulnerability could potentially allow remote code execution, posing a significant risk to affected systems. Users should be aware of this vulnerability and take necessary precautions to protect their systems.

How do I know if I'm affected?

If you're using Microsoft ODBC or OLE DB, you might be affected by the CVE-2023-28304 vulnerability. This issue impacts versions from 17.0 up to 17.10.3.1, versions from 18.0 up to 18.2.1.1, and versions from 19.1.0 up to 19.3.0. To check if you're affected, verify which version of Microsoft ODBC or OLE DB you're using and compare it to the mentioned ranges.

What should I do if I'm affected?

If you're affected by the CVE-2023-28304 vulnerability, visit the Microsoft Security Update Guide for patch and vendor advisory information. To protect your system, follow these steps: Update your Microsoft ODBC or OLE DB to the latest version, Apply security patches provided by Microsoft, and Monitor your system for any unusual activity.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

Yes, CVE-2023-28304 is in CISA's Known Exploited Vulnerabilities Catalog. The vulnerability is called "Microsoft ODBC and OLE DB Remote Code Execution Vulnerability" and was added on April 19, 2023. To address this vulnerability, users should apply the provided patch and follow the vendor advisory to mitigate the risk.

Weakness enumeration

The weakness enumeration for this vulnerability is "Insufficient Information", indicating a lack of specific details about the vulnerability and its mitigation.

For more details

CVE-2023-28304 is a high-severity vulnerability affecting Microsoft ODBC and OLE DB, with potential for remote code execution. For a comprehensive understanding of its description, severity, technical details, and affected software configurations, refer to the NVD or the links below.

• Microsoft Security Update Guide