Update: Hotfixes released for ODBC and OLE DB drivers for SQL Server

Posted on by No Comments ↓

This post has been republished via RSS; it originally appeared at: Microsoft Tech Community - Latest Blogs - .

We've released hotfix packages for the following drivers to address important security issues:

 

 

Related CVEs for these updates are the following:

 

 

All the issues involve a malicious server sending malicious data in order to compromise a client. These driver updates are included in SQL Server 2019 CU21 and SQL Server 2022 CU5. If you use the drivers in the context of either of those installs, those updates will update the drivers for you. If you have deployed the drivers as part of a standalone application, you may want to consider updating them. The vulnerabilities require a potential attacker to direct a connection to a malicious server, so if your scenario allows that, you should update.

 

Next steps

For Windows installations, you can directly download the Microsoft ODBC Driver 18 for SQL Server or the Microsoft ODBC Driver 17 for SQL Server.

Linux and macOS packages are also available and can be updated via package managers on most platforms. For installation details and manual instructions, see the online instructions for Linux or macOS.

 

Roadmap

We are committed to improving quality and bringing more feature support for connecting to SQL Server Azure SQL Database Azure SQL DW, and Azure SQL Managed Instance through regular driver releases. We invite you to explore the latest the Microsoft Data Platform has to offer via a trial of Microsoft Azure SQL Database or by evaluating Microsoft SQL Server.

David Engel

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.