CVE-2024-21375 is a high-severity use-after-free vulnerability (CWE-416) affecting the Microsoft Windows 10 Version 1809 (build 10.0.17763.0). The flaw exists in the Windows Defender Application Control (WDAC) OLE DB provider for SQL Server, which is a component that facilitates database connectivity and operations. A use-after-free vulnerability occurs when a program continues to use a pointer after the memory it points to has been freed, potentially leading to arbitrary code execution, memory corruption, or system crashes. In this case, the vulnerability allows an unauthenticated remote attacker to execute arbitrary code on the affected system by exploiting the OLE DB provider remotely. The CVSS 3.1 base score of 8.8 reflects the critical nature of this vulnerability, with an attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), but requiring user interaction (UI:R). The impact on confidentiality, integrity, and availability is rated high (C:H/I:H/A:H), meaning successful exploitation could lead to full system compromise. The vulnerability is publicly disclosed but no known exploits have been observed in the wild yet. No official patches or mitigation links were provided at the time of publication, indicating that organizations must be vigilant and apply any forthcoming updates promptly. The vulnerability affects a legacy Windows 10 version (1809), which is still in use in some environments, especially where legacy applications or hardware compatibility is critical.

For European organizations, this vulnerability poses a significant risk, especially for those still running Windows 10 Version 1809 in production environments. Exploitation could lead to remote code execution without requiring authentication, potentially allowing attackers to gain full control over affected systems. This could result in data breaches, disruption of critical business operations, ransomware deployment, or lateral movement within corporate networks. Sectors such as finance, healthcare, manufacturing, and government agencies in Europe, which often rely on legacy systems or have complex IT environments, are particularly vulnerable. The high impact on confidentiality, integrity, and availability means sensitive personal data protected under GDPR could be exposed, leading to regulatory penalties and reputational damage. Additionally, the requirement for user interaction (e.g., opening a malicious file or link) means that phishing campaigns could be a likely attack vector, which remains a common threat vector in Europe. The lack of known exploits in the wild currently provides a window for proactive defense, but the high severity score demands urgent attention.

European organizations should immediately identify and inventory all systems running Windows 10 Version 1809, focusing on those using the WDAC OLE DB provider for SQL Server. Since no official patches were available at the time of disclosure, organizations should monitor Microsoft’s security advisories closely and apply updates as soon as they are released. In the interim, network-level mitigations such as restricting access to SQL Server instances and OLE DB provider endpoints to trusted internal networks can reduce exposure. Implementing strict email filtering and user awareness training to mitigate phishing risks is critical, given the user interaction requirement. Employing application whitelisting and endpoint detection and response (EDR) solutions can help detect and block exploitation attempts. Additionally, organizations should consider upgrading affected systems to a supported Windows version with active security updates to reduce the attack surface. Regular backups and incident response plans should be reviewed and tested to ensure rapid recovery in case of compromise.