Upgrade Microsoft OLE DB Driver for SQL Server to Avoid Remote Code Execution Vulnerability CVE-2023-38169
Note
This article describes an issue that was fixed in a previous Lasernet release. This article will be retained for reference purposes but will no longer be updated. If you have any questions, contact us via the Create Ticket button in the support portal.
The Lasernet Server and Lasernet Meta installers install Microsoft OLE DB Driver for SQL Server. However, Lasernet 9.15.5 (and earlier) and Lasernet 10.5.2 (and earlier) install a version of the driver (18.3.0) that has the following vulnerability: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38169
This vulnerability is resolved in Microsoft OLE DB Driver for SQL Server 18.6.7. Lasernet 9.15.6 and Lasernet 10.6 (and later) install Microsoft OLE DB Driver for SQL Server 18.6.7 or later.
To ensure that this vulnerability is not present on Lasernet servers (Server app) or clients (Meta app), use one of the following methods to upgrade the installed driver to version 18.6.7:
- Upgrade to Lasernet 9.15.6 or Lasernet 10.6 (and later). These versions of Lasernet install Microsoft OLE DB Driver for SQL Server 18.6.7 or later.
- Manually upgrade Microsoft OLE DB Driver for SQL Server to version 18.6.7. To do this, download the software from Microsoft and install it. The download link for the software is on the following page: https://learn.microsoft.com/en-us/sql/connect/oledb/release-notes-for-oledb-driver-for-sql-server?view=sql-server-ver16#1867
Warning
Do not install version 19 of Microsoft OLE DB Driver for SQL Server.
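To confirm which driver version a Lasernet server or client has, before and after upgrading, the following PowerShell check can be run on the machine. It is an added example, not code from Lasernet or Microsoft. It assumes the driver registers under the standard Windows Uninstall registry keys with a display name matching `Microsoft OLE DB Driver*SQL Server`; the function name `Get-OleDbDriverStatus` and the status labels are hypothetical.

```powershell
# Added example: report installed Microsoft OLE DB Driver for SQL Server versions
# and compare them with the versions named in this article.
$FixedVersion = [version]'18.6.7'   # version in which CVE-2023-38169 is resolved (per the article)

function Get-OleDbDriverStatus {
    param([Parameter(Mandatory)][string]$DisplayVersion)
    $v = [version]$DisplayVersion
    # The article warns against installing version 19 of the driver.
    if ($v.Major -ge 19) { return 'Version19-DoNotInstall' }
    # Anything older than the fixed version should be upgraded (18.3.0 is the affected bundled version).
    if ($v -lt $FixedVersion) { return 'UpgradeRequired' }
    return 'OK'
}

# Assumption: the driver appears under the standard Uninstall keys
# (64-bit and 32-bit views) with this display-name pattern.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$found = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'Microsoft OLE DB Driver*SQL Server' -and $_.DisplayVersion }

if (-not $found) {
    Write-Output 'No Microsoft OLE DB Driver for SQL Server entry found in the Uninstall keys.'
}

foreach ($entry in $found) {
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Name     = $entry.DisplayName
        Version  = $entry.DisplayVersion
        Status   = Get-OleDbDriverStatus -DisplayVersion $entry.DisplayVersion
    }
}
```

A machine can list more than one entry if several driver versions are installed side by side; each entry is reported separately.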