
Proof-of-concept (PoC) code was published for CVE-2024-49113, a denial-of-service (DoS) vulnerability in Windows LDAP.

 

January 3, 2025 By Ionut Arghire

 

SafeBreach has published proof-of-concept (PoC) exploit code targeting a recently resolved denial-of-service (DoS) vulnerability in Windows Lightweight Directory Access Protocol (LDAP).

The issue, tracked as CVE-2024-49113 (CVSS score of 7.5), was patched on December 10 along with a critical remote code execution (RCE) flaw in LDAP (CVE-2024-49112, CVSS score of 9.8).

Neither of the defects has been marked as exploited, but Microsoft warned that the RCE bug could allow unauthenticated attackers to execute arbitrary code using crafted LDAP calls, urging administrators to disconnect Domain Controllers from the internet to mitigate exposure.

 

>>Full Article<<

I’m moving these to Vulnerability vault (just created) inside the Threat Intel Hub :)

 

https://community.opentextcybersecurity.com/p/ThreatIntelHub


Thank you @TylerM, I will go and take a look.

