Request a Demo
Rewterz
Rewterz Threat Advisory – Multiple Adobe Products Vulnerabilities
March 13, 2024
Rewterz
Rewterz Threat Alert – MuddyWater APT – Active IOCs
March 14, 2024

Rewterz Threat Advisory – Multiple Microsoft Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-26166 CVSS:8.8

Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the WDAC OLE DB provider for SQL Server component. By persuading a victim to connect to a malicious SQL server, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-21444 CVSS:8.8

Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the WDAC OLE DB provider for SQL Server component. By persuading a victim to connect to a malicious SQL server, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-26161 CVSS:8.8

Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the WDAC OLE DB provider for SQL Server component. By persuading a victim to connect to a malicious SQL server, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-21450 CVSS:8.8

Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the WDAC OLE DB provider for SQL Server component. By persuading a victim to connect to a malicious SQL server, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-21441 CVSS:8.8

Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the WDAC OLE DB provider for SQL Server component. By persuading a victim to connect to a malicious SQL database, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-21443 CVSS:7.3

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Kernel. By persuading a victim to open a specially crafted COM object, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.

CVE-2024-26176 CVSS:7.8

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Kernel component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.

CVE-2024-21442 CVSS:7.8

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Kernel. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.

CVE-2024-21445 CVSS:7

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Kernel. By winning a race condition, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.

CVE-2024-26174 CVSS:5.5

Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Kernel component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain the values of registry keys and use this information to launch further attacks against the affected system.

CVE-2024-26181 CVSS:5.5

Microsoft Windows is vulnerable to a denial of service, caused by a flaw in Kernel. By executing a specially crafted program, a local authenticated attacker could exploit this vulnerability to cause a denial of service.

CVE-2024-26178 CVSS:7.8

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Kernel component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.

CVE-2024-26177 CVSS:5.5

Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in Kernel. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information from heap memory and use this information to launch further attacks against the affected system.

CVE-2024-26173 CVSS:7.8

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Kernel component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.

CVE-2024-26182 CVSS:7.8

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Kernel. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.

Impact

  • Gain Access
  • Privilege Escalation
  • Information Disclosure
  • Denial of Service

Indicators Of Compromise

CVE

  • CVE-2024-26166
  • CVE-2024-21444
  • CVE-2024-26161
  • CVE-2024-21450
  • CVE-2024-21441
  • CVE-2024-21443
  • CVE-2024-26176
  • CVE-2024-21442
  • CVE-2024-21445
  • CVE-2024-26174
  • CVE-2024-26181
  • CVE-2024-26178
  • CVE-2024-26177
  • CVE-2024-26173
  • CVE-2024-26182

Affected Vendors

Microsoft

Affected Products

  • Microsoft Windows Server 2016
  • Microsoft Windows Server 2019
  • Microsoft Windows 10 for x64-based Systems
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows Server 2022
  • Microsoft Windows Server 2019 (Server Core installation)
  • Microsoft Windows Server 2022 (Server Core installation)
  • Microsoft Windows 10 Version 1607 for 32-bit Systems 1607
  • Microsoft Windows 10 Version 1607 for x64-based Systems 1607
  • Microsoft Windows 10 Version 1809 for 32-bit Systems 1809
  • Microsoft Windows 10 Version 1809 for ARM64-based Systems 1809
  • Microsoft Windows 10 Version 1809 for x64-based Systems 1809
  • Microsoft Windows 10 Version 21H2 for 32-bit Systems 21H2
  • Microsoft Windows 10 Version 21H2 for ARM64-based Systems 21H2
  • Microsoft Windows 10 Version 21H2 for x64-based Systems 21H2
  • Microsoft Windows 10 Version 22H2 for 32-bit Systems 22H2
  • Microsoft Windows 10 Version 22H2 for ARM64-based Systems 22H2
  • Microsoft Windows 10 Version 22H2 for x64-based Systems 22H2
  • Microsoft Windows 11 version 21H2 for ARM64-based Systems
  • Microsoft Windows 11 version 21H2 for x64-based Systems
  • Microsoft Windows 11 Version 22H2 for ARM64-based Systems 22H2
  • Microsoft Windows 11 Version 22H2 for x64-based Systems 22H2
  • Microsoft Windows 11 Version 23H2 for ARM64-based Systems 23H2
  • Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2
  • Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
  • Microsoft Windows Server 2008 for x64-based Systems Service Pack 2
  • Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
  • Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
  • Microsoft Windows Server 2012 (Server Core installation)
  • Microsoft Windows Server 2012 R2 (Server Core installation)
  • Microsoft Windows Server 2016 (Server Core installation)
  • Microsoft Windows 11 Version 23H2 for x64-based Systems 23H2

Remediation

Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches. 

CVE-2024-26166

CVE-2024-21444

CVE-2024-26161

CVE-2024-21450

CVE-2024-21441

CVE-2024-21443

CVE-2024-26176

CVE-2024-21442

CVE-2024-21445

CVE-2024-26174

CVE-2024-26181

CVE-2024-26178

CVE-2024-26177

CVE-2024-26173

CVE-2024-26182