A critical flaw in Windows LDAP can lead to server crashes, RCE attacks

Researchers have published a proof-of-concept exploit for Windows Lightweight Directory Access Protocol (LDAP) that can lead to server crashes or remote code execution (RCE) on Windows servers.

“Active Domain Controllers (DCs) are considered one of the jewels in corporate computer networks,” noted researchers from security firm SafeBreach, which investigates vulnerabilities. “The risks found in DCs are often more serious than those found in normal workplaces. The ability to run code on a DC or crash Windows servers greatly affects the security posture of the network.”

The vulnerabilities, designated CVE-2024-49112 (severity 9.8 out of 10) and CVE-2024-49113 (severity 7.5), were patched in Microsoft’s December 2024 Patch Tuesday updates, with few details. However, this week SafeBreach published a detailed analysis of the flaws, along with a proof-of-concept exploit for CVE-2024-49113 that the company’s researchers say affects any unpatched Windows server, not just domain controllers. The only requirement is that the DNS server on the victim DC has an Internet connection.

