
Got another vulnerability pop up on the last scan. ‘Vuln 178852 OLE DB driver’ has vulnerabilities and needs to be updated. My experience links this NOT to ODBC vuln 175441, thereby related to added capabilities and drivers installed with SSMS v19. NOTE: OLE has a pre-req of the new Visual C++ Redistributable x86 and x64 bits. Let’s mitigate Vuln 178852 with the OLE DB driver update!
Quick outline of steps with Vuln 178852 OLE DB driver
Download the bits (and copy to repository and servers for install)
Update VC_Redist.x64.exe (and subsequent VC_Redist.x86.exe)
Update MSOLEDB drivers (x64 and possibly x86)
Re-scan to validate remediation!
Download the bits
Download Microsoft OLE DB Driver for SQL Server – OLE DB Driver for SQL Server | Microsoft Learn
Latest supported Visual C++ Redistributable downloads | Microsoft Learn
https://learn.microsoft.com/en-us/cpp/windows/latest-supported-vc-redist?view=msvc-170
Once downloaded, copy the OLE DB Driver and VC Redistributable EXEs for x64 and x86 to the affected servers. Search for OLE first, to assess the OLE and Redistributable versions currently installed.
Assess ‘Vuln 178852 OLE DB driver’ updates on affected servers
Log into the server(s)
From Control Panel > Programs > Programs and Features > Search for ‘ole’ to see OLE DB driver versions
Check Control Panel for OLE DB Version
Check Redistributable version
From Control Panel > Programs > Programs and Features > Search for ‘Red’ to see Redistributable versions

If you don’t upgrade Visual C++ Redistributable first, you’ll get this setup error

Update VC_Redist.x64.exe (and subsequent VC_Redist.x86.exe)
First, we have to install the Visual C++ updates to the server before we can update the driver.
From PowerShell (as admin) on affected servers
Go to saved directory for EXE and MSI files
PowerShell as admin > go to directory > run the EXE
Check the ‘I agree’ box on the EULA
At the Visual C++ Redistributable EULA splash screen
Check agree checkbox, then click Install button lower right

Update installing

Click Restart button (when in approved change window)

Restart server
Update VC_Redist.x86.exe
Second, if the x86 library is also installed, update it as well.
Install next pre-req, if server contained both x86 and x64 bits for the ‘Vuln 178852 OLE DB driver’
From PowerShell (as admin) on affected servers:
Go to saved directory for EXE and MSI files
.\VC_redist.x86.exe

Check the ‘I agree’ box on the EULA
At the Visual C++ Redistributable EULA splash screen
Check agree checkbox, then click Install button lower right

Update installing

Update complete

Update MSOLEDB drivers
Third, first assess whether you need x64 AND x86 drivers (my example is only x64)
Start by checking the Control Panel > Programs > Programs and Features > search for ole (and hit enter)

From PowerShell (as admin) on affected servers
Go to saved directory for EXE and MSI files
Open MSI to begin install

Click Next if you get the ‘User Account Control’ (UAC) prompt to initiate MSI install

Click Next

Click ‘I agree’ radio button and Click Next

Next, on the OLE MSI install, click next to accept default features (just the driver install)

Click Install to begin driver install

OLE driver install completed, click Finish

Verify Control Panel for OLE driver install and version
Lastly, assess server and application requirements to verify whether the old OLE driver is okay to remove from the system to clear the vulnerability. The old OLE driver on my system was installed the day I installed SSMS v19.x.
Back to your Control Panel > Programs > Programs and Features window
Change search to OLE in the top right > hit enter
Click Delete on old version
On the Warning popup window, click continue

At the UAC prompt, click Yes

Once complete, verify Control Panel window
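The Control Panel checks used above, both to assess the servers before the update and to verify them after the old driver is removed, can also be run as a PowerShell inventory across several servers. This is an added example, not part of the original post; `$Servers` and `$FixedOleDbVersion` are assumptions you supply, with the fixed version taken from your scanner finding or the Microsoft advisory.

```powershell
# Added example (not from the original post): list OLE DB driver and VC++
# Redistributable entries from the registry Uninstall keys, which is the data
# Programs and Features shows. $Servers and $FixedOleDbVersion are assumptions
# supplied by the operator; take the fixed version from the scanner finding.
param(
    [string[]]$Servers = @($env:COMPUTERNAME),
    [Parameter(Mandatory)][version]$FixedOleDbVersion
)

$inventory = {
    # Registry view only; the (x64)/(x86) in the display name is the real architecture.
    $roots = @{
        '64-bit' = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
        '32-bit' = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    }
    foreach ($view in $roots.Keys) {
        Get-ItemProperty -Path $roots[$view] -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName -match 'OLE DB Driver|Visual C\+\+ .*Redistributable' } |
            ForEach-Object {
                [pscustomobject]@{
                    Server       = $env:COMPUTERNAME
                    RegistryView = $view
                    Name         = $_.DisplayName
                    Version      = [string]$_.DisplayVersion
                    InstallDate  = $_.InstallDate
                }
            }
    }
}

$found = foreach ($server in $Servers) {
    if ($server -eq $env:COMPUTERNAME) { & $inventory }
    else { Invoke-Command -ComputerName $server -ScriptBlock $inventory }
}

# Flag every OLE DB driver entry below the fixed version, including an old
# copy left installed side by side with the updated driver.
$found | ForEach-Object {
    $ver    = $_.Version -as [version]
    $status = if ($_.Name -notmatch 'OLE DB Driver') { 'prerequisite' }
              elseif (-not $ver)                     { 'UNKNOWN VERSION' }
              elseif ($ver -lt $FixedOleDbVersion)   { 'STILL VULNERABLE' }
              else                                   { 'ok' }
    $_ | Add-Member -NotePropertyName Status -NotePropertyValue $status -PassThru
} | Sort-Object Server, Name |
    Format-Table Server, RegistryView, Name, Version, InstallDate, Status -AutoSize
```

Any row still marked `STILL VULNERABLE` after the update usually means the old driver is installed alongside the new one and the scanner will keep reporting the finding until it is removed.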

Other documentation
Security Updates for Microsoft SQL Server OLE DB Driver (June … | Tenable®