Security
Headlines
HeadlinesLatestCVEs

Latest News

CVE-2024-37333: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.

Microsoft Security Response Center
Open in Source
#sql#vulnerability#rce#auth#SQL Server#Security Vulnerability
CVE-2024-37330: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.

CVE-2024-37329: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.

CVE-2024-37972: Secure Boot Security Feature Bypass Vulnerability

**According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?** An unauthorized attacker must wait for a user to initiate a connection.

CVE-2024-37971: Secure Boot Security Feature Bypass Vulnerability

**According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?** An unauthenticated attacker with LAN access could exploit this vulnerability.

CVE-2024-37975: Secure Boot Security Feature Bypass Vulnerability

**According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?** An unauthorized attacker must wait for a user to initiate a connection.

CVE-2024-37973: Secure Boot Security Feature Bypass Vulnerability

**According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?** An authenticated attacker could exploit this vulnerability with LAN access.

CVE-2024-37989: Secure Boot Security Feature Bypass Vulnerability

**What kind of security feature could be bypassed by successfully exploiting this vulnerability?** An attacker who successfully exploited this vulnerability could bypass Secure Boot.

CVE-2024-37988: Secure Boot Security Feature Bypass Vulnerability

**What kind of security feature could be bypassed by successfully exploiting this vulnerability?** An attacker who successfully exploited this vulnerability could bypass Secure Boot.

CVE-2024-37984: Secure Boot Security Feature Bypass Vulnerability

**What kind of security feature could be bypassed by successfully exploiting this vulnerability?** An attacker who successfully exploited this vulnerability could bypass Secure Boot.