Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2024-49014: SQL Server Native Client Remote Code Execution Vulnerability

How could an attacker exploit this vulnerability?

An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.

Microsoft Security Response Center
#sql#vulnerability#rce#auth#SQL Server#Security Vulnerability

Microsoft Security Response Center: Latest News

CVE-2024-49042: Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability