Vuln 178852 OLE DB driver

VulnID 178852 - Vulnerable to hackers - SQL OLE DB Driver update required
VulnID 178852 – Vulnerable to hackers – SQL OLE DB Driver update required

 

Got another vulnerability pop up on the last scan.  ‘Vuln 178852 OLE DB driver’ has vulnerabilities and needs updated.  My experience links this NOT to  ODBC vuln 175441, thereby related to added capabilities and drivers installed with SSMS v19NOTE: OLE has a pre-req of the new Visual C++ Redistributable x86 and x64 bits.  Let’s mitigate Vuln 178852 OLE DB driver update!

 

 

 

Quick outline of steps with Vuln 178852 OLE DB driver

Download the bits (and copy to repository and servers for install)

Update VC_Redist.x64.exe (and subsequent VC_Redist.x86.exe)

Update MSOLEDB drivers (x64 and possibly x86)

Re-scan to validate remediated!

 

 

Download the bits

Download Microsoft OLE DB Driver for SQL Server – OLE DB Driver for SQL Server | Microsoft Learn

https://learn.microsoft.com/en-us/sql/connect/oledb/download-oledb-driver-for-sql-server?view=sql-server-ver16

Latest supported Visual C++ Redistributable downloads | Microsoft Learn

https://learn.microsoft.com/en-us/cpp/windows/latest-supported-vc-redist?view=msvc-170

Latest supported Visual C++ Redistributable downloads | Microsoft Learn

https://learn.microsoft.com/en-us/cpp/windows/latest-supported-vc-redist?view=msvc-170#visual-studio-2015-2017-2019-and-2022

 Once downloaded, copy the OLE DB Driver and VC Redistributable EXE’s for x64 and x86 to the affected servers.  Search for OLE first, to assess OLE and Redistributable versions currently installed.

 

 

Assess ‘Vuln 178852 OLE DB driver’ updates on affected servers

Log into the server(s)

From Control Panel > Programs > Programs and Features > Search for ‘ole’ to see Redistributable versions

Check Control Panel for OLE DB Version

Check Control Panel for OLE DB Version

Check Redistributable version

From Control Panel > Programs > Programs and Features > Search for ‘Red’ to see Redistributable versions

From Control Panel > Programs > Programs and Features > Search for 'Red' to see Redistributable versions
From Control Panel > Programs > Programs and Features > Search for ‘Red’ to see Redistributable versions

 

 

If you don’t upgrade Visual C++ Redistributable first, you’ll get this setup error

Executing OLE DB Driver update pre-requisite error for Visual C++ Redistrubutable update
Executing OLE DB Driver update pre-requisite error for Visual C++ Redistrubutable update

 

 

Update VC_Redist.x64.exe (and subsequent VC_Redist.x86.exe

First, we have to install the Visual C++ updates to the server before we can update the driver.

From PowerShell (as admin) on affected servers

Go to saved directory for EXE and MSI files

PowerShell as admin > go to directory > run the EXE

PowerShell as admin > go to directory > run the EXE

  

Click the Check box to EULA ‘I agree’

At the Visual C++ Redistributable EULA splash screen

Check agree checkbox, then click Install button lower right

Visual C++ Redistributable EULA splash screen to check agree checkbox, then click on Install
Visual C++ Redistributable EULA splash screen to check agree checkbox, then click on Install

Update installing

VC_Redistributable installing screenshot
VC_Redistributable installing screenshot


Click Restart button (when in approved change window)

Click Restart when in change window to reboot server for Visual C++ update to apply
Click Restart when in change window to reboot server for Visual C++ update to apply

Restart server

 

 

Update VC_Redist.x86.exe

Second part, if applicable x86 library is installed, is to update.

Install next pre-req, if server contained both x86 and x64 bits for the ‘Vuln 178852 OLE DB driver’

 

From PowerShell (as admin) on affected servers:

Go to saved directory for EXE and MSI files

.\VC_redist.x86.exe

Powershell as admin window initiating the Visual C++ Redistributable x86 exe
Powershell as admin window initiating the Visual C++ Redistributable x86 exe

 

Click the Check box to EULA ‘I agree’

At the Visual C++ Redistributable EULA splash screen

Check agree checkbox, then click Install button lower right

Click on 'I agree' checkbox, and click Install button to begin the x86 Visual C++ Redistributable update
Click on ‘I agree’ checkbox, and click Install button to begin the x86 Visual C++ Redistributable update

 

Update installing

Screenshot installing the x86 Visual C++ Redistributable update
Screenshot installing the x86 Visual C++ Redistributable update

 

Update complete

Screenshot showing successful install of the x86 Visual C++ Redistributable update
Screenshot showing successful install of the x86 Visual C++ Redistributable update

 

 

 

Update MSOLEDB drivers

Third, assess first if you need x64 AND x86 drivers (my example is only x64)

Start by checking the Control Panel > Programs > Programs and Features > search for ole (and hit enter)

Control Panel > Programs > Programs and Features > searching for ole, showing old v18
Control Panel > Programs > Programs and Features > searching for ole, showing old v18

 

From PowerShell (as admin) on affected servers

Go to saved directory for EXE and MSI files

Open MSI to begin install

PowerShell as Admin running the ole MSI install
PowerShell as Admin running the ole MSI install

Click Next if you get the ‘User Account Control’ (UAC) prompt to initiate MSI install

OLE MSI Install - User Account Control (UAC) prompt to initiate MSI install
OLE MSI Install – User Account Control (UAC) prompt to initiate MSI install

Click Next

OLE MSI install, click Next
OLE MSI install, click Next

 

Click ‘I agree’ radio button and Click Next

OLE MSI Install, EULA splash screen to check 'I Agree' radio button and click Next
OLE MSI Install, EULA splash screen to check ‘I Agree’ radio button and click Next

 

Next, on the OLE MSI install, click next to accept default features (just the driver install)

OLE MSI install, click next to accept default features (just the driver install)
OLE MSI install, click next to accept default features (just the driver install)

 

Click Install to begin driver install

OLE MSI install, click install
OLE MSI install, click install

 

OLE driver install completed, click Finish

OLE driver install completed, click Finish
OLE driver install completed, click Finish

 

 

Verify Control Panel for OLE driver install and version

Lastly, assess server and application requirements to verify if the old OLE driver is okay to remove from system to clear vulnerability.  The old OLE driver on my system was installed the day I installed SSMS v19.x

Back to your Control Panel > Programs > Programs and Features window

Change search to OLE in the top right > hit enter

Click Delete on old version

On the Warning popup window, click continue

Control Panel view showing two OLE drivers, reflecting the newly installed, and the old version
Control Panel view showing two OLE drivers, reflecting the newly installed, and the old version

 

At the UAC prompt, click Yes

OLE MSI Install - User Account Control (UAC) prompt to initiate MSI install
OLE MSI Install – User Account Control (UAC) prompt to initiate MSI install

 

 Once complete, verify Control Panel window

Control Panel > Programs > Programs and Features > searching for ole, showing old v18
Control Panel > Programs > Programs and Features > searching for ole, showing old v18

 

 

 

 

Other documentation

Security Updates for Microsoft SQL Server OLE DB Driver (June … | Tenable®

https://www.tenable.com/plugins/nessus/178852

SCOM Snapshot Synchronization alerts

Synchronized Swimmers

Updated 4 Apr 2023 with Tyson’s feedback!

 

First, some background – the Snapshot Synchronization alert just tells you there was a SQL issue running the workflow.

Second, the Snapshot Synchronization alert from a health model perspective, is NOT a critical issue (outage).  Create override severity to 1 (warning) to prevent false wake-up calls.  I’ll get this to my GitHub repo shortly!

 

 

 

Let’s troubleshoot the alert

Start with Tyson’s SCOM Maintenance pack, and run the tasks

Tyson’s SCOM Maintenance pack tasks

 

Alternative long steps

Login to server with SSMS installed –

Open SSMS > Connect to the SCOM OpsMgr DB > Click on New Query

***NOTE verify database dropdown shows Operations Manager!

Paste SQL query into the query textbox

Select WorkItemName, b.WorkItemStateName, ServerName, StartedDateTimeUtc, CompletedDateTimeUtc, DurationSeconds, ERRORMESSAGE
from cs.WorkItem a , cs.WorkItemState b
where a.WorkItemStateId= b.WorkItemStateId
and WorkItemName = ‘SnapshotSynchronization’

Screenshot

Snapshot Synchronization alert query

 

 

 

Example SQL Output

SQLQueryExecution

WorkItemName WorkItemStateName ServerName StartedDateTimeUtc CompletedDateTimeUtc DurationSeconds ERRORMESSAGE
SnapshotSynchronization Succeeded SCOMV01 2023-01-24 00:26:23.427 2023-01-24 00:27:46.100 83 NULL
SnapshotSynchronization Failed SCOMV02 2023-01-25 00:27:52.363 2023-01-25 00:28:07.520 15
SnapshotSynchronization Succeeded SCOMV00 2023-01-25 21:43:36.540 2023-01-25 21:45:07.947 91 NULL
SnapshotSynchronization Running SCOMV00 2023-01-25 21:45:32.227 NULL NULL NULL

Solution:
The jobs may show Succeeded by the time you login to SQL = EOJ (end of job)

If Failed is latest date/timestamp, re-run the task “Request Snapshot Synchronization” which can be found when we select  “Management Configuration Service Group” in the below mentioned view.

View:

From Monitoring Tab > Click on Operations Manager folder > Click on Management Group Health widget > Highlight unhealthy state from Management Group Functions.

Click on the ‘Request Snapshot Synchronization’ task to execute the Stored Procedure “SnapshotSynchronizationForce” on the OpsMgr DB.

 

NOTE: There are two tasks with same name but with different targets i.e. ‘Management Configuration Service Group’ and ‘Management Configuration Services’

 

The other task can be found on below view after selecting the Management Server you want the Task to be executed on

View:

From Monitoring Tab > Expand Operations Manager folder > Expand Management Configuration Service folder > Click on Services State view

 

 

Create Override for the alert

To change snapshot monitor to warning

From SCOM Console > Authoring Tab

Expand ‘Management Pack Objects’ > Click on Monitors

In the ‘Look for:’ bar type Snapshot synchronization state and hit enter

Monitor name = Snapshot synchronization state

Right click on monitor > Overrides > Override the monitor > For all objects of class

Click checkbox for Severity > change Critical to Warning

Click Edit – add comment – i.e. date/time changing to warning

Select your override pack > Click OK

Click OK to execute change

Override snapshot monitor to warning

 

 

Resources

Tyson’s MonitoringGuys blog for SCOM Maintenance pack – download here

Link to TechNet article