CVE-2024-49042: Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability

CVE-2024-43613: Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability

CVE-2024-49032: Microsoft Office Graphics Remote Code Execution Vulnerability

CVE-2024-49031: Microsoft Office Graphics Remote Code Execution Vulnerability

CVE-2024-49029: Microsoft Excel Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?**

An attacker with the administrator role of "azure\_pg\_admin" in the target environment could exploit this vulnerability to gain the same privileges as a SuperUser by sending a specially crafted request to an Azure Database for PostgreSQL Flexible Server with specific non-default functionality enabled.

Headline

CVE-2024-49042: Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability

Microsoft Security Response Center: Latest News