CVE-2024-49021

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 12, 2024
Updated: Nov 15, 2024
CWE ID 416

Summary

CVE-2024-49021 is a newly disclosed vulnerability affecting Microsoft SQL Server. This issue permits an unauthenticated attacker to execute arbitrary code remotely, posing a significant threat to affected systems. Successful exploitation can result in the installation of malware, unauthorized access, or other malicious activities. The vulnerability stems from a misconfiguration in the SQL Server service, which can be exploited through specially crafted packets. Microsoft has released a patch to address this issue, and it is strongly recommended that all SQL Server instances be updated as soon as possible to mitigate the risks associated with this vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Microsoft SQL Server

Affected Vendors

  • Microsoft