Advisory January 2, 2025

Microsoft Windows Critical Vulnerability with CVE-2024-49112

The Obrela Threat Intelligence Team

A vulnerability has been identified in Microsoft Windows and Server devices. The vulnerability could allow for Remote Code Execution (RCE) on vulnerable devices. The vulnerability (CVE-2024-49112) has a Critical CVSSv3.1 score of 9.8 out of 10.

Description:

The vulnerability affects the Windows implementation of the Lightweight Directory Access Protocol (LDAP), which is widely used across organizations for directory management and authentication. An attacker with basic network access and no authentication can send specially crafted malicious packets that cause targeted Domain Controllers and user devices to execute arbitrary code or crash unexpectedly.

Although the vulnerability was disclosed and patched in December’s “Patch Tuesday” update, security researchers recently released a proof-of-concept exploit that allows quick and easy crashing of vulnerable Windows Server systems. This highlights the need to deploy Windows security patches promptly and systematically.

Affected Versions:

Windows 10, 11, and Server 2008-2025 installations without up-to-date security updates.

Recommendations:

  • Ensure all relevant Windows systems are patched at least to the December 2024 security updates.
  • Ensure automatic updates are enabled wherever possible so that future patches are applied promptly.
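
One way to check the first recommendation on a single host is shown below. This is an added example, not tooling from Obrela or Microsoft. The function name `Test-PatchBaseline` is hypothetical, and the script assumes that monthly updates appear in the Windows Update history with titles beginning `YYYY-MM`; hosts whose history is empty or has been reset are reported as `Unknown` and need a manual check.

```powershell
# Added example: report whether this host shows a successfully installed
# monthly update of December 2024 or later, as the advisory recommends.
function Test-PatchBaseline {
    param([string]$Baseline = '2024-12')   # minimum patch level from the advisory

    # Source 1: Windows Update Agent history (local COM API).
    $searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
    $count    = $searcher.GetTotalHistoryCount()
    $months   = @()
    if ($count -gt 0) {
        $months = @($searcher.QueryHistory(0, $count) | ForEach-Object {
            # ResultCode 2 = succeeded. Title prefix "YYYY-MM " is an assumption
            # about how monthly updates are named in the history.
            if ($_.ResultCode -eq 2 -and $_.Title -match '^(\d{4}-\d{2}) ') { $Matches[1] }
        })
    }
    # "YYYY-MM" strings sort chronologically.
    $latestMonthly = $months | Sort-Object | Select-Object -Last 1

    # Source 2: newest install date of any hotfix. This is corroborating
    # evidence only: a recent install date does not prove which update it was.
    $latestHotfix = Get-HotFix | Where-Object InstalledOn |
        Sort-Object InstalledOn | Select-Object -Last 1

    # ProductType 2 = Domain Controller, the role the advisory singles out.
    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    if (-not $latestMonthly) { $status = 'Unknown' }
    elseif ($latestMonthly -ge $Baseline) { $status = 'AtOrAboveBaseline' }
    else { $status = 'BelowBaseline' }

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        OS                  = $os.Caption
        IsDomainController  = ($os.ProductType -eq 2)
        LatestMonthlyUpdate = $latestMonthly
        LatestHotfixId      = $latestHotfix.HotFixID
        LatestHotfixDate    = $latestHotfix.InstalledOn
        Status              = $status
    }
}

Test-PatchBaseline | Format-List
```

Treat `BelowBaseline` and `Unknown` results on Domain Controllers as the first hosts to verify and patch.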
