Researchers have published a proof-of-concept exploit for a pair of Windows Lightweight Directory Access Protocol (LDAP) flaws that could lead to server crashes or remote code execution (RCE) on Windows servers.
“Active Directory Domain Controllers (DCs) are considered to be one of the crown jewels in organizational computer networks,” noted researchers at security firm SafeBreach, who investigated the flaws. “Vulnerabilities found in DCs are usually much more critical than those found in usual workstations. The ability to run code on a DC or crash Windows servers heavily affects network security posture.”
The vulnerabilities, designated CVE-2024-49112 (severity 9.8 out of 10) and CVE-2024-49113 (severity 7.5), were patched in Microsoft’s December 2024 Patch Tuesday updates, with few details. However, this week SafeBreach published a detailed analysis of the flaws, along with a proof-of-concept exploit of CVE-2024-49113 that the firm’s researchers said affects any unpatched Windows server, not just domain controllers. The only requirement is that the DNS server on the victim DC has internet connectivity.