What is CVE-2023-29349?

CVE-2023-29349 is a high-severity remote code execution vulnerability in Microsoft ODBC and OLE DB drivers for SQL Server and Microsoft SQL Server. It affects systems running Linux, macOS, and Windows. Exploiting this vulnerability allows attackers to execute arbitrary code on affected systems, posing a significant security risk.

Who is impacted by CVE-2023-29349?

This vulnerability affects users of Microsoft ODBC Driver for SQL Server, Microsoft OLE DB Driver for SQL Server, and Microsoft SQL Server 2019 and 2022 on x64 systems.

What to do if CVE-2023-29349 affected you

If you're affected by the CVE-2023-29349 vulnerability, it's important to take action to protect your systems. First, ensure your environment only connects to known, trusted servers. Next, update your software to the latest cumulative update, which should be applied automatically if your system is configured for automatic updates. By following these steps, you can help safeguard your systems against potential exploitation.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2023-29349 vulnerability, known as Microsoft ODBC and OLE DB Remote Code Execution Vulnerability, is not listed in CISA's Known Exploited Vulnerabilities Catalog. It was added to the National Vulnerability Database on June 15, 2023. To protect your systems, apply the latest cumulative update provided by Microsoft.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-191, which is an integer underflow issue affecting Microsoft ODBC and OLE DB drivers for SQL Server.

Learn More

For more information about the CVE-2023-29349 vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page or links above.

• Microsoft Security Update Guide

• CVE Record