Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
CVE-2024-49113

7.5 HIGH

Key Information:

Vendor
Microsoft
Status
Windows 10 Version 1809
Windows Server 2019
Windows Server 2019 (server Core Installation)
Windows Server 2022
CVE Published:
12 December 2024

Badges

🔥 Trending now · 📈 Trended · 📈 Score: 3,570 · 📰 News Worthy

What is CVE-2024-49113?

CVE-2024-49113 is a vulnerability associated with the Windows Lightweight Directory Access Protocol (LDAP), a key component in managing identity and access within Windows environments. This vulnerability can lead to a denial of service condition, disrupting the availability of critical services that rely on LDAP for authentication and directory information. Such disruptions could have significant operational impacts, hindering business processes and leading to potential financial losses for organizations that depend on these services for daily operations.

Technical Details

The vulnerability arises from implementation flaws in the LDAP service provided by Windows. An attacker may be able to trigger a denial of service by exploiting these flaws, preventing legitimate users from accessing critical directory services. Technical assessments indicate that successful exploitation could involve sending specially crafted requests to the LDAP service, causing it to become unresponsive or crash.

Potential Impact of CVE-2024-49113

  1. Service Disruption: Organizations facing exploitation of this vulnerability may experience extensive downtime of their LDAP services, affecting authentication processes and access to necessary resources.

  2. Operational Inefficiencies: With LDAP services being a backbone for user and resource management, any denial of service could lead to broader operational challenges, impacting employees' ability to perform their jobs and causing delays in key functions.

  3. Financial Losses: Extended service outages and operational inefficiencies can translate into significant financial losses for businesses, particularly in environments where uptime is critical for revenue-generating activities and customer service.

Affected Version(s)

Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.20857

Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.7606

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.6659

News Articles

Hacking Active Directory: Learn How LDAPNightmare Flaw Shuts Down AD Services

Hacking Active Directory: Learn How LDAPNightmare Flaw Shuts Down AD Services - Vulnerabilities - Information Security Newspaper | Hacking News

1 day ago

PravinKarthik

Read all of the posts by PravinKarthik on TheCyberThrone

1 day ago

LDAPNightmare, a PoC exploit targets Windows LDAP flaw CVE-2024-49113

Experts warn of a new PoC exploit, LDAPNightmare, that targets a Windows LDAP flaw (CVE-2024-49113), causing crashes & reboots.

2 days ago

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 📈 Vulnerability started trending

  • 📰 First article discovered

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database, Microsoft Feed, 6 News Article(s)