March 6, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Alert – A New PikaBot Malware – Active IOCs
February 20, 2024Rewterz Threat Advisory – Multiple IBM QRadar Suite Vulnerabilities
February 20, 2024Rewterz Threat Alert – A New PikaBot Malware – Active IOCs
February 20, 2024Rewterz Threat Advisory – Multiple IBM QRadar Suite Vulnerabilities
February 20, 2024
Severity
High
Analysis Summary
CVE-2024-21375 CVSS:8.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the WDAC OLE DB provider for SQL Server component. By persuading a victim to connect to a malicious SQL server, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-21370 CVSS:8.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in WDAC OLE DB provider for SQL Server. By persuading a victim to connect to a malicious SQL database using their SQL client application, an attacker could exploit this vulnerability to execute arbitrary code within the context of the user’s SQL client application.
CVE-2024-21367 CVSS:8.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in WDAC OLE DB provider for SQL Server. By persuading a victim to connect to a malicious SQL database using their SQL client application, an attacker could exploit this vulnerability to execute arbitrary code within the context of the user’s SQL client application.
CVE-2024-21339 CVSS:6.4
Microsoft Windows could allow a local attacker to execute arbitrary code on the system, caused by a flaw in USB Generic Parent Driver. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-21346 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in Win32k component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2024-21353 CVSS:8.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in WDAC ODBC Driver. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-21327 CVSS:7.6
Microsoft Dynamics 365 (on-premises) is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2024-21329 CVSS:7.3
Microsoft Azure Connected Machine Agent could allow a remote authenticated attacker to gain elevated privileges on the system. By persuading a victim to open specially crafted content, an authenticated attacker could exploit this vulnerability to add symlinks and delete files with SYSTEM privileges.
CVE-2024-21338 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Kernel component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2024-20667 CVSS:7.5
Microsoft Azure DevOps Server could allow a remote authenticated attacker to execute arbitrary code on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-21369 CVSS:8.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the WDAC OLE DB provider for SQL Server component. By persuading a victim to connect to a malicious SQL database, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-21402 CVSS:7.3
Microsoft Azure Connected Machine Agent could allow a remote authenticated attacker to gain elevated privileges on the system. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to add symlinks and delete files with SYSTEM privileges.
CVE-2024-21404 CVSS:7.5
Microsoft .NET is vulnerable to a denial of service. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2024-21349 CVSS:8.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the ActiveX Data Objects component. By persuading a victim to open specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-21352 CVSS:8.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the WDAC OLE DB provider for SQL Server component. By persuading a victim to connect to a malicious SQL server, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-21340 CVSS:4.6
Microsoft Windows could allow a physical attacker to obtain sensitive information, caused by a flaw in the Kernel component. By executing a specially crafted program, an attacker could exploit this vulnerability to obtain sensitive information from heap memory.
Impact
- Denial of Service
- Code Execution
- Cross-site Scripting
- Privilege Escalation
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2024-21375
- CVE-2024-21370
- CVE-2024-21367
- CVE-2024-21339
- CVE-2024-21346
- CVE-2024-21353
- CVE-2024-21327
- CVE-2024-21329
- CVE-2024-21338
- CVE-2024-20667
- CVE-2024-21369
- CVE-2024-21402
- CVE-2024-21404
- CVE-2024-21349
- CVE-2024-21352
- CVE-2024-21340
Affected Vendors
Microsoft
Affected Products
- Microsoft Windows Server 2016
- Microsoft Windows Server 2019
- Microsoft Windows 10 x64
- Microsoft Windows 10 1809 for 32-bit Systems
- Microsoft Windows 10 1809 for x64-based Systems
- Microsoft Windows 10 1809 for ARM64-based Systems
- Microsoft Windows Server 2012
- Microsoft Windows Server 2012 R2
- Microsoft Windows 10 x32
- Microsoft Windows Server (Server Core installation) 2019
- Microsoft Windows Server (Server Core installation) 2016
- Microsoft Windows Server (Server Core installation) 2012 R2
- Microsoft Windows Server (Server Core installation) 2012
- Microsoft Windows Server for X64-based systems (Server Core installation) 2008 SP2
- Microsoft Windows Server for 32-bit systems 2008 SP2
- Microsoft Windows Server (Server Core installation) 2022
- Microsoft Windows 10 1607 for 32-bit Systems
- Microsoft Windows 10 1607 for x64-based Systems
- Microsoft Windows Server for 32-bit systems (Server Core installation) 2008 SP2
- Microsoft Windows Server 2022
- Microsoft Windows Server for X64-based systems 2008 SP2
- Microsoft Windows 10 21H2 for 32-bit Systems
- Microsoft Windows 10 21H2 for ARM64-based Systems
- Microsoft Windows 10 21H2 for x64-based Systems
- Microsoft .NET 6.0
- Microsoft Windows Server for X64-based systems 2008 R2 SP1
- Microsoft Windows 11 22H2 for ARM64-based Systems
- Microsoft Windows Server for X64-based systems (Server Core installation) 2008 R2 SP1
- Microsoft Windows 10 22H2 for x64-based Systems
- Microsoft Windows 10 22H2 for 32-bit Systems
- Microsoft Windows 10 22H2 for ARM64-based Systems
- Microsoft Windows 11 21H2 for ARM64-based Systems
- Microsoft Windows 11 21H2 for x64-based Systems
- Microsoft Dynamics 365 Customer Engagement 9.1
- Microsoft Visual Studio 2022 17.4
- Microsoft .NET 7.0
- Microsoft Azure DevOps Server 2019.1.2
- Microsoft Visual Studio 2022 17.6
- Microsoft Azure DevOps Server 2020.1.2
- Microsoft Windows Server (Server Core installation) 2022 23H2
- Microsoft Windows 11 23H2 for ARM64-based Systems
- Microsoft Windows 11 23H2 for x64-based Systems
- Microsoft .NET 8.0
- Microsoft Azure Connected Machine Agent
- Microsoft Visual Studio 2022 17.8
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.