CVE-2024-26164

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Mar 12, 2024
Updated: Apr 11, 2024
CWE ID 20

Summary

CVE-2024-26166 is a remote code execution vulnerability affecting the Microsoft Windows Defender Application Control (WDAC) OLE DB provider for SQL Server. An attacker can exploit this weakness by crafting malicious SQL queries that, when processed by the vulnerable component, can lead to the execution of arbitrary code on the target system. Successful exploitation could result in significant harm, including data theft or system compromise. It is strongly recommended that affected organizations apply the available Microsoft security patch as soon as possible to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share