
We have FME Flow 2023.2.1 installed, we have chosen PostgreSQL running in AWS RDS as our database. This has been set up and configured at installation using the silent Windows installation method.

We are seeing vulnerabilities on the server FME Flow is installed on relating to Microsoft OLE DB Driver. This seems to have been installed as part of FME Flow.

Is the Microsoft OLE DB Driver a required driver if we’re not using SQL Server?

If so, can this be removed or do we now need to manage patching of this driver?

Hi @awoodcroft_ibm 

Thank you for your post!

Are you able to share more information about the vulnerability that was found for the OLE DB driver?

If you are solely using PostgreSQL in your system and not using Microsoft SQL anywhere else (e.g. ADO to SQL), then you should be ok to remove the driver. The other option, which is usually what we recommend in case it's being used by some other software and you don't realize it, is to update that driver via the Microsoft site.

Do you know what version of the driver is currently installed (might be able to tell from the Add/Remove programs listing)?


Kate


Hi @kate-safe

Thanks for your reply.

The installed version of the Microsoft OLE DB Driver is 19.3.1.0. This has various CVEs related to it such as CVE-2024-28945 and CVE-2024-28910. Installing the latest Driver 19.3.3.0 resolves the CVE alerts in AWS Inspector.

Ideally we would not have the driver installed if not necessary as it would require additional patching management, which we would like to keep as minimal as possible.

For the time being we have patched the driver to the latest version (19.3.3.0) but we will try removing the driver completely and testing if FME continues to work as expected as that would be the ideal solution.


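The version check discussed in this thread can be scripted across servers. The following PowerShell is an added example, not part of the thread and not Safe Software's or Microsoft's code. It assumes the driver registers under the standard Windows Uninstall registry keys with a display name starting "Microsoft OLE DB Driver", and it uses 19.3.3.0 (the version reported above as clearing the findings) as the minimum; the function name `Get-OleDbDriverStatus` is hypothetical.

```powershell
# Inventory Microsoft OLE DB Driver installs and flag any below the minimum version.
# Assumption: the driver appears in the standard Uninstall keys with a
# DisplayName beginning "Microsoft OLE DB Driver".
$MinimumVersion = [version]'19.3.3.0'   # version the thread reports as resolving the alerts

# Both registry views, so 64-bit and 32-bit registrations are covered.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-OleDbDriverStatus {
    param(
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Entries,
        [Parameter(Mandatory)] [version] $Minimum
    )
    foreach ($e in $Entries) {
        if ($e.DisplayName -notlike 'Microsoft OLE DB Driver*') { continue }

        # DisplayVersion may be missing or malformed; report that instead of failing.
        $parsed = $null
        if (-not [version]::TryParse([string]$e.DisplayVersion, [ref]$parsed)) {
            $status = 'UnknownVersion'
        } elseif ($parsed -lt $Minimum) {
            $status = 'NeedsUpdate'
        } else {
            $status = 'OK'
        }

        [pscustomobject]@{
            Name      = $e.DisplayName
            Version   = $e.DisplayVersion
            Status    = $status
            Uninstall = $e.UninstallString   # useful if the driver is to be removed
        }
    }
}

$installed = @(Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue)
$results   = @(Get-OleDbDriverStatus -Entries $installed -Minimum $MinimumVersion)

if ($results.Count -eq 0) {
    'No Microsoft OLE DB Driver found in the Uninstall keys.'
} else {
    $results | Format-Table -AutoSize
}
```

An empty result after removing the driver confirms the uninstall took effect before FME Flow is retested.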