Patch Wednesday Day (11/100) — Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability CVE-2024–28929 Patch

SecOps Solution
2 min readApr 17, 2024

--

Image By SecOpSolution

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability CVE-2024–28929 Patch

Today, we focus on deploying a patch released by Microsoft on April 9, 2024, to remediate CVE-2024–28929 (Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability)

To check if this patch is relevant to you:

  • Go to Control Panel -> Programs -> Programs and Features and check if Microsoft ODBC Driver 17 for SQL Server is installed on your system and if its version is less than 17.10.6.1

For further information and support related to this patch, please refer to the support page.

Patch Details

Patch Deployment with SecOps Patch Management

Manual Patch deployment

  1. You can either download the patch directly from the vendor or a simpler and more accurate way could be to visit Patch Astra and search for “CVE-2024–28929” and download the patch.
  2. Once the patch file is downloaded, open PowerShell and change the current directory to the directory where the patch file is downloaded.
  3. Run the following command in Powershell to apply the patch msiexec /quiet /passive /qn /i msodbcsql.msi IACCEPTMSODBCSQLLICENSETERMS=YES ADDLOCAL=ALL
  4. This patch will not require any restart.
  5. To verify the patch is applied correctly, go to Control Panel -> Programs -> Programs and Features, and check the Microsoft ODBC Driver 17 for SQL Server’s version is 17.10.6.1.

Important Note:

  1. There are several key things to remember while deploying a patch. It is crucial to download the correct patch file that has been released for your system’s architecture, Operating System, and Build Version
  2. It is crucial that you follow the right process or supply the correct commands while installing the patch
  3. Understand if the patch requires a reboot of the system or not. If yes make sure to perform a reboot securely to avoid system corruption

SecOps Solution is an award-winning agent-less Full-stack Vulnerability and Patch Management Platform that helps organizations identify, prioritize and remediate security vulnerabilities and misconfigurations in seconds.

To schedule a demo, just pick a slot that is most convenient for you.

--

--