CVE-2024-21367
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2024-21367 is a newly disclosed vulnerability affecting Microsoft's Windows Defender Application Control (WDAC) OLE DB provider for SQL Server. This issue allows an unauthenticated remote attacker to execute arbitrary code on a vulnerable system. The WDAC component is designed to help protect against malicious software, but in this case, it becomes the attack vector. Exploitation of this vulnerability could lead to a complete system compromise. Microsoft has released a patch to address this issue, and it is strongly recommended that all affected systems be promptly updated to mitigate the risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.