CVE-2024-26164
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2024-26166 is a remote code execution vulnerability affecting the Microsoft Windows Defender Application Control (WDAC) OLE DB provider for SQL Server. An attacker can exploit this weakness by crafting malicious SQL queries that, when processed by the vulnerable component, can lead to the execution of arbitrary code on the target system. Successful exploitation could result in significant harm, including data theft or system compromise. It is strongly recommended that affected organizations apply the available Microsoft security patch as soon as possible to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.