Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
CVE-2024-49113

7.5 HIGH

Key Information:

Badges

📈 Trended | 📈 Score: 5,680 | 💰 Ransomware | 👾 Exploit Exists | 🟡 Public PoC | 📰 News Worthy

What is CVE-2024-49113?

CVE-2024-49113 is a vulnerability associated with the Windows Lightweight Directory Access Protocol (LDAP), a key component in managing identity and access within Windows environments. This vulnerability can lead to a denial of service condition, disrupting the availability of critical services that rely on LDAP for authentication and directory information. Such disruptions could have significant operational impacts, hindering business processes and leading to potential financial losses for organizations that depend on these services for daily operations.

Technical Details

The vulnerability arises from implementation flaws in the LDAP service provided by Windows. An attacker who exploits these flaws may trigger a denial of service, preventing legitimate users from accessing critical directory services. Technical assessments indicate that successful exploitation could involve sending specially crafted requests to the LDAP service, causing it to become unresponsive or crash.

Potential Impact of CVE-2024-49113

  1. Service Disruption: Organizations facing exploitation of this vulnerability may experience extensive downtime of their LDAP services, affecting authentication processes and access to necessary resources.

  2. Operational Inefficiencies: With LDAP services being a backbone for user and resource management, any denial of service could lead to broader operational challenges, impacting employees’ ability to perform their jobs and causing delays in key functions.

  3. Financial Losses: Extended service outages and operational inefficiencies can translate into significant financial losses for businesses, particularly in environments where uptime is critical for revenue-generating activities and customer service.

Affected Version(s)

Windows 10 Version 1507 (32-bit Systems): 10.0.10240.0 < 10.0.10240.20857

Windows 10 Version 1607 (32-bit Systems): 10.0.14393.0 < 10.0.14393.7606

Windows 10 Version 1809 (32-bit Systems): 10.0.17763.0 < 10.0.17763.6659

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

News Articles

Infostealer Masquerades as PoC Code Targeting Recent LDAP Vulnerability

A fake proof-of-concept (PoC) exploit for a recent LDAP vulnerability distributes information stealer malware.

Fake PoC Exploit Targets Cybersecurity Researchers with Malware

The attackers have set up a malicious repository containing the fake PoC, leading to the exfiltration of sensitive computer and network information.

CrowdStrike Warns of Phishing Scam Targeting Job Seekers with XMRig Cryptominer

Phishing exploits CrowdStrike branding to deliver XMRig cryptominer via fake CRM app, evading detection.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 🟡 Public PoC available

  • 💰 Used in Ransomware

  • 👾 Exploit known to exist

  • 📈 Vulnerability started trending

  • 📰 First article discovered

  • Vulnerability published

  • Vulnerability Reserved
