Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
CVE-2023-21557

7.5HIGH

Key Information:

Vendor: Microsoft
Status: Windows 10 Version 1809; Windows Server 2019; Windows Server 2019 (server Core Installation); Windows Server 2022
Vendor: CVE Published:; 10 January 2023

What is CVE-2023-21557?

A vulnerability has been identified in the Windows Lightweight Directory Access Protocol (LDAP) that allows an attacker to exploit the service and potentially lead to a Denial of Service condition. This could disrupt the availability of LDAP services, affecting authentication and directory services across the network. Users should apply the necessary updates to ensure their systems remain secure.

Affected Version(s)

Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.19685

Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.5648

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.3887

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 10, 2023
Vulnerability Reserved
Dec 1, 2022

Microsoft

What is CVE-2023-21557?

Affected Version(s)

References

CVSS V3.1

Timeline