Applies to: Lasernet 9, Lasernet Core 10
Note
This article describes an issue that was fixed in a previous Lasernet release. This article will be retained for reference purposes but will no longer be updated. If you have any questions, contact Lasernet Support.
The Lasernet Server and Lasernet Meta installers install Microsoft OLE DB Driver for SQL Server. However, Lasernet 9.15.5 (and earlier) and Lasernet 10.5.2 (and earlier) install a version of the driver (18.3.0) that has the following vulnerability: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38169
This vulnerability is resolved in Microsoft OLE DB Driver for SQL Server 18.6.7. Lasernet 9.15.6 and Lasernet 10.6 (and later) install Microsoft OLE DB Driver for SQL Server 18.6.7 or later.
To ensure that this vulnerability is not present on Lasernet servers (Server app) or clients (Meta app), use one of the following methods to upgrade the installed driver to version 18.6.7:
Upgrade to Lasernet 9.15.6 or Lasernet 10.6 (and later). These versions of Lasernet install Microsoft OLE DB Driver for SQL Server 18.6.7 or later.
Manually upgrade Microsoft OLE DB Driver for SQL Server to version 18.6.7. To do this, download the software from Microsoft and install it. The download link for the software is on the following page: https://learn.microsoft.com/en-us/sql/connect/oledb/release-notes-for-oledb-driver-for-sql-server?view=sql-server-ver16#1867
Warning
Do not install version 19 of Microsoft OLE DB Driver for SQL Server.