CVE-2024-21391

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Feb 13, 2024

Updated: May 29, 2024

CWE ID 197

Summary

CVE-2024-21391 is a newly disclosed vulnerability affecting the Microsoft Windows Defender Application Control (WDAC) OLE DB provider for SQL Server. This issue permits an attacker to execute arbitrary code remotely, potentially compromising the affected system. The vulnerability arises due to an improper input validation in the OLE DB provider's handling of specially crafted SQL queries. Successful exploitation could lead to significant security implications, including unauthorized access, data theft, or system damage. Users are advised to apply the available Microsoft patch as soon as possible to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database