Microsoft Patched Multiple SQL Server Client and Component Flaws
Microsoft disclosed a broad set of vulnerabilities affecting the SQL Server ecosystem, including remote code execution, elevation of privilege, and information disclosure issues across SQL Server Native Client, Microsoft ODBC Driver for SQL Server, core Microsoft SQL Server components, and Microsoft.SqlServer.XEvent.Configuration.dll. The largest group of advisories covered SQL Server Native Client RCE flaws, including CVE-2024-38255, CVE-2024-43459, CVE-2024-43462, CVE-2024-48993, CVE-2024-48995, CVE-2024-48996, CVE-2024-48997, CVE-2024-48998, CVE-2024-48999, CVE-2024-49000, CVE-2024-49004, CVE-2024-49005, and CVE-2024-49007. Microsoft also listed CVE-2024-49043 as an RCE flaw in Microsoft.SqlServer.XEvent.Configuration.dll and earlier ODBC driver RCE bugs CVE-2023-36730 and CVE-2023-36785.
Additional SQL Server issues included Native Scoring RCE vulnerabilities CVE-2024-26186 and CVE-2024-37338, Native Scoring information disclosure flaws CVE-2024-37342 and CVE-2024-37966, SQL Server elevation of privilege bugs CVE-2024-37965, CVE-2024-37341, CVE-2024-37980, and CVE-2026-26116, plus a general SQL Server information disclosure issue tracked as CVE-2024-43474. The disclosures show Microsoft addressing repeated attack surface in SQL Server connectivity layers and supporting components, underscoring the need for organizations running SQL Server clients, drivers, and related libraries to prioritize vendor updates across both server-side and workstation-deployed software.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
18 events from the most recent confirmed update back to the earliest known activity.
Microsoft discloses SQL Server RCE vulnerability CVE-2026-33120
Microsoft published a Security Update Guide entry for CVE-2026-33120, a remote code execution vulnerability affecting Microsoft SQL Server. The advisory included guidance for applying the appropriate security updates across supported SQL Server versions and servicing tracks.
Microsoft publishes SQL Server elevation of privilege flaw CVE-2026-32176
Microsoft released a Security Update Guide entry for CVE-2026-32176, an elevation of privilege vulnerability affecting SQL Server. The advisory was published as part of Microsoft's 2026-04-14 security updates.
Microsoft publishes SQL Server elevation of privilege flaw CVE-2026-32167
Microsoft released a Security Update Guide entry for CVE-2026-32167, an elevation of privilege vulnerability affecting SQL Server.
Microsoft publishes SQL Server elevation of privilege flaw CVE-2026-26116
Microsoft released a Security Update Guide entry for CVE-2026-26116, an elevation of privilege vulnerability affecting SQL Server.
Microsoft publishes SQL Server elevation of privilege flaw CVE-2025-55227
Microsoft released a Security Update Guide entry for CVE-2025-55227, an elevation of privilege vulnerability affecting Microsoft SQL Server. The advisory was published on 2025-09-09.
Microsoft discloses SQL Server information disclosure flaw CVE-2025-47997
Microsoft published a Security Update Guide entry for CVE-2025-47997, an information disclosure vulnerability affecting Microsoft SQL Server. The advisory was released on 2025-09-09.
Microsoft discloses SQL Server information disclosure flaw CVE-2025-49719
Microsoft published a Security Update Guide entry for CVE-2025-49719, an information disclosure vulnerability affecting Microsoft SQL Server. The advisory was released on 2025-07-08.
Microsoft discloses SQL Server RCE vulnerability CVE-2025-49717
Microsoft published a Security Update Guide entry for CVE-2025-49717, a remote code execution vulnerability affecting Microsoft SQL Server. The advisory was released on 2025-07-08.
Microsoft discloses XEvent.Configuration.dll RCE vulnerability
Microsoft published Security Update Guide entry CVE-2024-49043, a remote code execution vulnerability in Microsoft.SqlServer.XEvent.Configuration.dll, as part of its November 2024 releases.
Microsoft issues broad SQL Server Native Client RCE fixes
Microsoft published a large set of Security Update Guide entries for SQL Server Native Client remote code execution vulnerabilities, including CVE-2024-38255, CVE-2024-43459, CVE-2024-43462, CVE-2024-48993, CVE-2024-48995, CVE-2024-48996, CVE-2024-48997, CVE-2024-48998, CVE-2024-48999, CVE-2024-49000, CVE-2024-49004, CVE-2024-49005, and CVE-2024-49007.
Microsoft discloses SQL Server Native Scoring RCE flaw CVE-2024-37340
Microsoft published a Security Update Guide entry for CVE-2024-37340, a remote code execution vulnerability affecting Microsoft SQL Server Native Scoring. The advisory was released as part of Microsoft's September 2024 security updates.
Microsoft discloses SQL Server Native Scoring RCE flaw CVE-2024-37339
Microsoft published a Security Update Guide entry for CVE-2024-37339, a remote code execution vulnerability affecting Microsoft SQL Server Native Scoring. The advisory was released as part of Microsoft's September 2024 security updates.
Microsoft discloses SQL Server Native Scoring RCE flaw CVE-2024-37335
Microsoft published a Security Update Guide entry for CVE-2024-37335, a remote code execution vulnerability affecting Microsoft SQL Server Native Scoring. The advisory was released as part of Microsoft's September 2024 security updates.
Microsoft discloses SQL Server Native Scoring RCE flaw CVE-2024-26191
Microsoft published a Security Update Guide entry for CVE-2024-26191, a remote code execution vulnerability affecting Microsoft SQL Server Native Scoring. The advisory was released as part of Microsoft's September 2024 security updates.
Microsoft releases September 2024 SQL Server security updates
Microsoft published multiple SQL Server-related advisories covering remote code execution, elevation of privilege, and information disclosure issues, including CVE-2024-26186, CVE-2024-37338, CVE-2024-37341, CVE-2024-37342, CVE-2024-37965, CVE-2024-37966, CVE-2024-37980, and CVE-2024-43474.
Microsoft discloses SQL Server denial of service flaw CVE-2023-36728
Microsoft published a Security Update Guide entry for CVE-2023-36728, a denial of service vulnerability affecting Microsoft SQL Server. The advisory was released on 2023-10-10.
Microsoft discloses SQL OLE DB RCE vulnerability CVE-2023-36417
Microsoft published a Security Update Guide entry for CVE-2023-36417, a remote code execution vulnerability affecting Microsoft SQL OLE DB. The advisory was released on 2023-10-10.
Microsoft patches ODBC Driver for SQL Server RCE flaws
Microsoft published Security Update Guide entries for CVE-2023-36730 and CVE-2023-36785, both remote code execution vulnerabilities affecting the Microsoft ODBC Driver for SQL Server.
Sources
49 references tracked. Mallory keeps watching after this page renders.
CVE-2026-32167 - Security Update Guide - Microsoft - SQL Server Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2026-32176 - Security Update Guide - Microsoft - SQL Server Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2026-33120 - Security Update Guide - Microsoft - Microsoft SQL Server Remote Code Execution Vulnerability
portal.msrc.microsoft.com
Open sourceCVE-2026-26116 - Security Update Guide - Microsoft - SQL Server Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2023-36728 - Security Update Guide - Microsoft - Microsoft SQL Server Denial of Service Vulnerability
msrc.microsoft.com
Open sourceCVE-2023-36417 - Security Update Guide - Microsoft - Microsoft SQL OLE DB Remote Code Execution Vulnerability
msrc.microsoft.com
Open sourceCVE-2023-36785 - Security Update Guide - Microsoft - Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
msrc.microsoft.com
Open sourceCVE-2023-36730 - Security Update Guide - Microsoft - Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
msrc.microsoft.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Microsoft Patches Multiple Windows Remote Code Execution Flaws Across Core Services
Microsoft published security advisories for a broad set of **remote code execution** vulnerabilities affecting Windows components and enterprise services, including **Windows Telephony Service**, **Hyper-V**, **ReFS**, **WSUS**, **Direct Show**, the **Windows Mobile Broadband Driver**, **Windows Server Setup and Boot Event Collection**, **SQL Server Native Client**, and **.NET**. The largest concentration of disclosures involved the Windows Telephony Service, with multiple CVEs including `CVE-2024-43620`, `CVE-2024-43627`, `CVE-2025-21190`, `CVE-2025-21240`, `CVE-2025-21243`, `CVE-2025-21250`, `CVE-2025-21266`, `CVE-2025-21273`, `CVE-2025-21409`, and `CVE-2025-21413`, indicating sustained patching activity around a single Windows attack surface. Other disclosed RCE issues expanded the risk to virtualization, storage, update infrastructure, and server environments through `CVE-2026-21244` and `CVE-2026-21248` in **Windows Hyper-V**, `CVE-2025-62456` in **Windows Resilient File System (ReFS)**, `CVE-2025-59287` in **Windows Server Update Service (WSUS)**, `CVE-2025-49666` in **Windows Server Setup and Boot Event Collection**, `CVE-2024-49012` in **SQL Server Native Client**, `CVE-2025-21291` in **Windows Direct Show**, and `CVE-2026-24288` in the **Windows Mobile Broadband Driver**. One referenced case, `CVE-2021-34458`, showed the potential severity of Microsoft RCE flaws in virtualized environments, with Microsoft describing a **Critical** Windows Kernel issue that could enable cross-guest interference on systems using **SR-IOV-capable hardware**.
May 25, 2026
Microsoft Discloses RCE Flaws in SPNEGO NEGOEX and SQL Server Native Client
Microsoft published security advisories for two remote code execution vulnerabilities affecting distinct enterprise components: **CVE-2025-47981** in the **SPNEGO Extended Negotiation (`NEGOEX`) Security Mechanism** and **CVE-2024-49008** in **SQL Server Native Client**. Both issues were listed in the Microsoft Security Update Guide as remote code execution flaws, indicating that successful exploitation could allow arbitrary code to run in the context of the targeted component. The disclosures highlight risk across both authentication infrastructure and database connectivity software commonly used in Windows environments. Organizations relying on Microsoft authentication mechanisms or legacy SQL Server client components should review the relevant advisories, identify exposed systems, and prioritize vendor updates to reduce the chance of compromise through unpatched RCE paths.
May 25, 2026
Microsoft Patches SQL Server Elevation-of-Privilege Vulnerabilities
Microsoft published security advisories for **SQL Server elevation-of-privilege** vulnerabilities **CVE-2026-26116**, **CVE-2026-26115**, and **CVE-2026-21262**. The guidance directs customers to **update their installed SQL Server version**, noting that any applicable driver fixes are included in the SQL Server updates. The advisories provide update paths across multiple supported SQL Server releases via **GDR and/or CU** packages, instructing administrators to first identify their exact SQL Server build (referencing KB `321185`) and then apply the corresponding security update for their version range. Covered update tracks include SQL Server **2025**, **2022**, **2019**, and **2017**; Microsoft notes that instances on versions not listed are **out of support** and should be upgraded to receive current and future security fixes.
Mar 21, 2026