Blog Post

SQL Server Blog
2 MIN READ

Update: Security hotfix released for OLE DB driver for SQL Server

DavidEngelMS's avatar
DavidEngelMS
Icon for Microsoft rankMicrosoft
Jul 09, 2024

We've released hotfix packages for the following drivers to address an important security issue:

 

 

The CVE for these OLE DB driver updates is:

 

 

The issue involves connecting to a malicious server that sends malicious data in order to compromise a client. These driver updates are available via Microsoft Update, standalone download, and are included in the SQL Server 2019 and SQL Server 2022 updates that released July 9, 2024.

 

Next steps

For Windows installations, automatic updates will be provided via Microsoft Update or you can download the packages directly:

  • Microsoft OLE DB Driver 18 for SQL Server (version 18.7.4 download)
  • Microsoft OLE DB Driver 19 for SQL Server (version 19.3.5 download)

 

How do I know what version of a driver I have installed?

On Windows, look in Add or remove programs. The version is shown with the installed package. Additionally, you can look at the file properties of the installed files and inspect the Product Version field in the Details. Here are the main files for each driver:

 

    • Microsoft OLE DB Driver for SQL Server - %Windir%\system32\msoledbsql.dll
    • Microsoft OLE DB Driver 19 for SQL Server - %Windir%\system32\msoledbsql19.dll

 

Roadmap

We are committed to improving quality and bringing more feature support for connecting to SQL Server Azure SQL Database Azure Synapse Analytics, and Azure SQL Managed Instance through regular driver releases. We invite you to explore the latest the Microsoft Data Platform has to offer via a trial of Microsoft Azure SQL Database or by evaluating Microsoft SQL Server.

David Engel

Updated Sep 24, 2024
Version 2.0