Upgrade Microsoft OLE DB Driver for SQL Server to Avoid Remote Code Execution Vulnerability CVE-2023-38169
- 15 Jul 2024
- 1 Minute to read
- Contributors
- Print
- PDF
Upgrade Microsoft OLE DB Driver for SQL Server to Avoid Remote Code Execution Vulnerability CVE-2023-38169
- Updated on 15 Jul 2024
- 1 Minute to read
- Contributors
- Print
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
The Lasernet Server and Lasernet Meta installers install Microsoft OLE DB Driver for SQL Server. However, Lasernet 9.15.5 (and earlier) and Lasernet 10.5.2 (and earlier) install a version of the driver (18.3.0) that has the following vulnerability: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38169
This vulnerability is resolved in Microsoft OLE DB Driver for SQL Server 18.6.7.
To ensure that this vulnerability is not present on Lasernet servers (Server app) or clients (Meta app), use one of the following methods to upgrade the installed driver to version 18.6.7:
Manually upgrade Microsoft OLE DB Driver for SQL Server to version 18.6.7. To do this, download the software from Microsoft and install it. The download link for the software is on the following page: https://learn.microsoft.com/en-us/sql/connect/oledb/release-notes-for-oledb-driver-for-sql-server?view=sql-server-ver16#1867
Upgrade to Lasernet 9.15.6 or Lasernet 10.6. These versions of Lasernet install Microsoft OLE DB Driver for SQL Server 18.6.7.
Warning
Do not install version 19 of Microsoft OLE DB Driver for SQL Server.