This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(313.6, 87%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESR%3C/text%3E%3C/svg%3E)
Hi, We are using some VB.NET Windows/Web Applications, C#.Net Windows Class Library/Windows Service Applications, Framework 4.5/4.8 have been used in all of them and referred System.Data.SqlClient for SQL Server activities. Clients are using Framework 4.8 where our application is running. Recently, we came to know about "Microsoft Security Advisory CVE-2024-0056: Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data provider Information Disclosure Vulnerability" , so could you please provide your thoughts that do we need to take any steps to overcome this Vulnerability? Note: We are also using VB 6.0 Application which refers ADODB for SQL Server activities - Is any change required in that area?
Thanks,
--Sachi...
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(153.6, 89%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJL%3C/text%3E%3C/svg%3E)
Hi @Sachidhanantham Ramalingam ,
You have to update both packages to their respective secure versions, please see the links below for details. https://github.com/dotnet/announcements/issues/292
Best Regards.
Jiachen Li
If the answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi,
We are also using VB 6.0 Application which refers ADODB for SQL Server activities - Is any change required in VB?
Thanks,
--Sachi...
Hi,
We are also using VB 6.0 Application which refers ADODB for SQL Server activities - Is any change required with respect to "Microsoft Security Advisory CVE-2024-0056"?
Thanks,
--Sachi...
Hi @Sachidhanantham Ramalingam ,
VB6.0 is not supported by this forum.
Microsoft Security Advisory CVE-2024-0056 only addresses security issues when referencing these two packages in a .NET application.
If you are not using the System.Data.SqlClient or Microsoft.Data.SqlClient package libraries within your application, you are not affected by this vulnerability.
Thanks for your update.