Japanese Organizations Targeted by North Korean Kimsuky APT
July 11, 2024Multiple Microsoft Products Vulnerabilities
July 11, 2024Japanese Organizations Targeted by North Korean Kimsuky APT
July 11, 2024Multiple Microsoft Products Vulnerabilities
July 11, 2024Severity
High
Analysis Summary
CVE-2024-21335, CVE-2024-37331, CVE-2024-37332, CVE-2024-37334
Microsoft SQL Server could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the OLE DB Driver component. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-37326, CVE-2024-37323, CVE-2024-37320, CVE-2024-21308
Microsoft SQL Server could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the OLE DB Driver component. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-21303, CVE-2024-37322, CVE-2024-37329, CVE-2024-35256
Microsoft SQL Server could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the OLE DB Driver component. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-21332, CVE-2024-37321, CVE-2024-20701, CVE-2024-35272
Microsoft SQL Server could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the OLE DB Driver component. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-21398, CVE-2024-21373, CVE-2024-37318, CVE-2024-37327
Microsoft SQL Server could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the OLE DB Driver component. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-28928, CVE-2024-21449, CVE-2024-37330, CVE-2024-21414
Microsoft SQL Server could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the OLE DB Driver component. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-37328, CVE-2024-21331, CVE-2024-21425, CVE-2024-21428
Microsoft SQL Server could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the OLE DB Driver component. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-21415, CVE-2024-21317, CVE-2024-37324, CVE-2024-35271
Microsoft SQL Server could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the OLE DB Driver component. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-37333, CVE-2024-38087, CVE-2024-21333, CVE-2024-38088
Microsoft SQL Server could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the OLE DB Driver component. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-37336 CVSS:8.8
Microsoft SQL Server could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the OLE DB Driver component. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Gain Access
- Code Execution
Indicators of Compromise
CVE
- CVE-2024-21335
- CVE-2024-37331
- CVE-2024-37332
- CVE-2024-37334
- CVE-2024-37326
- CVE-2024-37323
- CVE-2024-37320
- CVE-2024-21308
- CVE-2024-21303
- CVE-2024-37322
- CVE-2024-37329
- CVE-2024-35256
- CVE-2024-21332
- CVE-2024-37321
- CVE-2024-20701
- CVE-2024-35271
- CVE-2024-21398
- CVE-2024-21373
- CVE-2024-37318
- CVE-2024-37327
- CVE-2024-28928
- CVE-2024-21449
- CVE-2024-37330
- CVE-2024-21414
- CVE-2024-37328
- CVE-2024-21331
- CVE-2024-21425
- CVE-2024-21428
- CVE-2024-21415
- CVE-2024-21317
- CVE-2024-37324
- CVE-2024-37333
- CVE-2024-38087
- CVE-2024-21333
- CVE-2024-38088
- CVE-2024-37336
Affected Vendors
Affected Products
- Microsoft SQL Server 2022 for x64-based Systems (GDR)
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.