CVE-2024-37965 - K7 Labs

<< Back

CVE Number	Vulnerability	Product	Severity	Date
CVE-2024-37965	Microsoft SQL Server Elevation of Privilege Vulnerability	Microsoft SQL Server	High	26-09-2024

Technical Information

An elevation of privilege vulnerability where if exploited a low privileged user could gain administrator privileges in the server.

Patch Release Date: Sep 10, 2024
Further information on this vulnerability is available at: CVE-2024-37965

Affected Software

Microsoft SQL Server 2017 for x64-based Systems (GDR),
Microsoft SQL Server 2019 for x64-based Systems (GDR),
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR),
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack,
Microsoft SQL Server 2017 for x64-based Systems (CU 31),
Microsoft SQL Server 2022 for x64-based Systems (GDR),
Microsoft SQL Server 2022 for x64-based Systems (CU 14),
Microsoft SQL Server 2019 for x64-based Systems (CU 28)