0

I posted a question to Stack Overflow about this error when it started occurring for our older Delphi 7 applications on Windows 10.

It is now happening on Windows Server 2012 R2 systems that had these recent updates:

  • KB5020690
  • KB5019958
  • KB5020023
  • KB5020010
  • KB5020680

We uninstalled KB5019958, thinking it was the most likely culprit, but that didn't fix the issue. Rolling back all 5 updates did fix it though. We have another server exhibiting the same problem, so we will roll each update back and test until the error is gone, then reinstall all the other updates to ensure it's not a combined effect.

It is certainly a client issue, as the SQL Server 2014 machine does have these updates installed, so our program falls over when run directly on that server, but not when run on the remote app server where the updates have been rolled back which is connecting to that SQL server.

EDIT 21/11

After trial and error, we found that if the update for either KB5020010 or KB5020023 was installed, then the older Delphi 7 programs threw the error.

Interestingly, both these updates:

"Addresses security vulnerabilities in the Kerberos and Netlogon protocols"

No mention on the KB articles about the updates affecting SQL Server connections.

SiBrit
  • 101
  • 3
  • Delphi 7 died in 2008. There was enough time to find a supported solution in the meantime. It's similar to the newer kernel, as also Win11, cutting the old unmaintained environments out. Since the 2k's I have never seen a Delphi application in most of my support time. Not all affected applications will be inserted into the KB text. – djdomi Nov 21 '22 at 05:29
  • 1
    Turns out SQL Server is affected by authentication issues. What has your organization done to prepare for and audit the Kerberos changes described in the KB articles and the linked article: https://support.microsoft.com/KB/5020805 – Greg Askew Nov 21 '22 at 11:47
  • Interesting. But the Windows Update was applied to the application servers, not the domain controllers, so why would that break it? It's just annoying that the change to the client SQL drivers in the update breaks our applications. They are drivers. It should have no effect. – SiBrit Nov 24 '22 at 01:00

3 Answers

2

Sorry, not an answer, but not enough rep to comment.

Same issue here. Affected a 2012R2 RDS deployment to a legacy app that uses ODBC's SQL Driver. All this is related to https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41048 Microsoft ODBC Driver Remote Code Execution Vulnerability. Rollback helped.

Faunce
  • 21
  • 2
0

Thank you, this was an extremely useful post in finding the root cause of the strange database-related errors from the Maximizer v10 application accessing a SQL database on Windows Server 2012 R2. The application would post several DATAMANAGER error code 19 exceptions. Uninstalling KB5020010 resolved this issue. I think that KB5020023 might need to be uninstalled too.

0

We got the same issue. All this is related to https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41048 Microsoft ODBC Driver Remote Code Execution Vulnerability. Rollback helped.

Tax Max
  • 1
  • 1