🔴 Critical  |  Source: Microsoft Security Response Center


A heap-based buffer overflow vulnerability in Microsoft’s SQL Server ODBC driver allows an unauthenticated attacker to remotely execute arbitrary code over a network without requiring any user interaction. The flaw is classified as an Elevation of Privilege vulnerability, meaning successful exploitation could grant an attacker significantly elevated permissions on affected systems. Any environment using the SQL Server ODBC driver — including Azure-hosted SQL workloads — should treat this as an urgent patching priority.

Security Architect’s Take: Identify all systems and applications using the SQL Server ODBC driver across your Azure and on-premises estate and apply Microsoft’s patch immediately; in the interim, consider network segmentation and firewall rules to restrict access to SQL Server endpoints from untrusted sources.

Original advisory: CVE-2026-42990 SQL Server ODBC driver Elevation of Privilege Vulnerability