Community
- Command Central
- MVP Program
- Monthly Mission
- Blogs
- Groups
- Events
- Media Vault
Products
- Observability
- Network Management
- Application Management
- IT Security
- IT Service Management
- System Management
- Database Management
Content Exchange
- SolarWinds Platform
- Server & Application Monitor
- Database Performance Analyzer
- Server Configuration Monitor
- Network Performance Monitor
- Network Configuration Manager
- SQL Sentry
- Web Help Desk
Free Tools & Trials

Latest MS ODBC drivers question.

During a recent vulnerability scan, it was identified that Microsoft ODBC drivers have a vulnerability that requires us to resolve via update. I wanted to confirm that these ODBC updates will not break the application's connection to the backend DB. Has anyone applied the latest Windows ODBC drivers? We are running 2023.3 but soon updating to 2023.4.

CVE-2023-36730 - Security Update Guide - Microsoft - Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

%SYSTEMROOT%\System32\msodbcsql17.dll Version is 17.6.1.1
%SYSTEMROOT%\SysWOW64\msodbcsql17.dll Version is 17.6.1.1

%SYSTEMROOT%\System32\msoledbsql.dll Version is 18.6.5.0
%SYSTEMROOT%\SysWOW64\msoledbsql.dll Version is 18.6.5.0

Find more posts tagged with

CVE-2023-36730

ODBC Drivers

Accepted answers

All comments

sum_giais

No issues and/or impact here when upgrading to the latest v17 ODBC driver (that was supports recommendation - as SCM uses v17), I'm not exactly sure what the ODBC driver is utilized for within the SolarWinds Platform however.

Can't comment on OLE - didn't have that installed.

Download ODBC Driver for SQL Server - ODBC Driver for SQL Server | Microsoft Learn

jgbecerril

Hi Im in the same situation as you were a few mmonths back, did you have any issues while upgradeing tho a newer version?

What was your procedure? I just installed EOC and the internal vulnerability scaner detected an updated verison. The microsoft udpates are disabled on the server and I might need to do a manual upgrade of the ODBC driver

Thanks

sum_giais

No impact to SolarWinds Platform services when upgrading the ODBC driver and never ran into any issues. I'd recommend reaching out to SolarWinds support if you use SCM however to determine what exactly it uses it for potentially and what the impact to that product may be.

Otherwise - the process is easy, download the latest v17 version of the ODBC driver from Microsoft, copy to server, run installer on ALL polling engines (Primary, Additionals, HA standbys if applicable) - and in your case the EOC server which is basically a polling engine with regard to what gets installed. The installer just runs and doesn't require any reboot at all.