CVE-2024-49113
Published 2024-12-12
CVE-2024-49113: Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
High · 7.5 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
Affected
46 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_1507 | < 10.0.10240.20857 | 10.0.10240.20857 |
| microsoft | windows_10_1607 | < 10.0.14393.7606 | 10.0.14393.7606 |
| microsoft | windows_10_1809 | < 10.0.17763.6659 | 10.0.17763.6659 |
| microsoft | windows_10_21h2 | < 10.0.19044.5247 | 10.0.19044.5247 |
| microsoft | windows_10_22h2 | < 10.0.19045.5247 | 10.0.19045.5247 |
| microsoft | windows_10_version_1507 | >= 10.0.10240.0 < 10.0.10240.20857 | 10.0.10240.20857 |
| microsoft | windows_10_version_1607 | >= 10.0.14393.0 < 10.0.14393.7606 | 10.0.14393.7606 |
| microsoft | windows_10_version_1809 | >= 10.0.17763.0 < 10.0.17763.6659 | 10.0.17763.6659 |
| microsoft | windows_10_version_21h2 | >= 10.0.19043.0 < 10.0.19044.5247 | 10.0.19044.5247 |
| microsoft | windows_10_version_22h2 | >= 10.0.19045.0 < 10.0.19045.5247 | 10.0.19045.5247 |
| microsoft | windows_11_22h2 | < 10.0.22621.4602 | 10.0.22621.4602 |
| microsoft | windows_11_24h2 | < 10.0.26100.2605 | 10.0.26100.2605 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.4602 | 10.0.22621.4602 |
| microsoft | windows_11_version_22h3 | >= 10.0.22631.0 < 10.0.22631.4602 | 10.0.22631.4602 |
| microsoft | windows_11_version_23h2 | >= 10.0.22631.0 < 10.0.22631.4602 | 10.0.22631.4602 |
| microsoft | windows_11_version_24h2 | >= 10.0.26100.0 < 10.0.26100.2605 | 10.0.26100.2605 |
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2008_r2_service_pack_1 | >= 6.1.7601.0 < 6.1.7601.27467 | 6.1.7601.27467 |
| microsoft | windows_server_2008_service_pack_2 | >= 6.0.6003.0 < 6.0.6003.23016 | 6.0.6003.23016 |
| microsoft | windows_server_2012 | — | — |
| microsoft | windows_server_2012 | >= 6.2.9200.0 < 6.2.9200.25222 | 6.2.9200.25222 |
| microsoft | windows_server_2012_r2 | >= 6.3.9600.0 < 6.3.9600.22318 | 6.3.9600.22318 |
| microsoft | windows_server_2016 | < 10.0.14393.7606 | 10.0.14393.7606 |
| microsoft | windows_server_2016 | >= 10.0.14393.0 < 10.0.14393.7606 | 10.0.14393.7606 |
| microsoft | windows_server_2019 | < 10.0.17763.6659 | 10.0.17763.6659 |
Microsoft
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
vendor_msrc·2024-12-10·CVSS 7.5
CVE-2024-49113 [HIGH] CWE-125 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
Windows LDAP - Lightweight Directory Access Protocol: Windows LDAP - Lightweight Directory Access Protocol
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Denial of Service
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5048661
Reference: https://support.microsoft.com/help/5048661
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5048654
Reference: https://support.microsoft.com/help/5048654
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5048800
Reference: https://support.microsoft.com/help/5048800
Reference
GHSA
GHSA-hq8w-cr85-pwqw: Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
ghsa_unreviewed·2024-12-12
CVE-2024-49113 [HIGH] CWE-125 GHSA-hq8w-cr85-pwqw: Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
Suricata
ET EXPLOIT Microsoft LDAP Referral Response Inbound (CVE-2024-49113)
suricata·2025-01-07·CVSS 7.5
CVE-2024-49113 [HIGH] ET EXPLOIT Microsoft LDAP Referral Response Inbound (CVE-2024-49113)
ET EXPLOIT Microsoft LDAP Referral Response Inbound (CVE-2024-49113)
Rule: alert udp $EXTERNAL_NET 389 -> $HOME_NET any (msg:"ET EXPLOIT Microsoft LDAP Referral Response Inbound (CVE-2024-49113)"; content:"|30|"; depth:1; content:"|04|"; distance:2; within:1; content:"|65|"; distance:4; within:1; content:"|0a 01|"; distance:1; within:2; content:"|a3|"; distance:0; content:"ldap"; within:7; pcre:"/^s?\x3a\x2f{2}/R"; reference:url,www.safebreach.com/blog/ldapnightmare-safebreach-labs-publishes-first-proof-of-concept-exploit-for-cve-2024-49113/; reference:cve,2024-49113; classtype:attempted-dos; sid:2059017; rev:1; metadata:affected_product Windows_11, affected_product Windows_Server_2019, affected_product Windows_Server_2022, affected_product Windows_Server_2016, affected_product Windows_10
No public exploits indexed.
Bleepingcomputer
Fake LDAPNightmware exploit on GitHub spreads infostealer malware
blogs_bleepingcomputer·2025-01-11·CVSS 9.8
CVE-2024-49113 [CRITICAL] Fake LDAPNightmware exploit on GitHub spreads infostealer malware
## Fake LDAPNightmware exploit on GitHub spreads infostealer malware
## Bill Toulas
A deceptive proof-of-concept (PoC) exploit for CVE-2024-49113 (aka "LDAPNightmare") on GitHub infects users with infostealer malware that exfiltrates sensitive data to an external FTP server.
The tactic isn't novel, as there have been multiple documented cases of malicious tools disguised as PoC exploits on GitHub.
However, this case, discovered by Trend Micro, highlights that threat actors continue to use the tactic to trick unsuspecting users into infecting themselves with malware.
## A deceptive exploit
Trend Micro reports that the malicious GitHub repository contains a project that appears to have been forked from SafeBreach Labs' legitimate PoC for CVE-2024-49113, published on January 1, 2025.
Trendmicro
Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit
blogs_trendmicro·2025-01-09·CVSS 9.8
CVE-2024-49113 [CRITICAL] Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit
Cyber Threats
## Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit
Our blog entry discusses a fake PoC exploit for LDAPNightmare (CVE-2024-49113) that is being used to distribute information-stealing malware.
By: Sarah Pearl Camiling, Jan 09, 2025
In December 2024, two critical vulnerabilities in Microsoft's Windows Lightweight Directory Access Protocol (LDAP) were addressed via Microsoft's monthly Patch Tuesday release. Both vulnerabilities were deemed as highly significant due to the widespread use of LDAP in Windows environments:
CVE-2024-49112: A remote code execution (RCE) bug that attackers can exploit by sending specially crafted LDAP requests, allowing them to execute arbitrary code on the target system.
CVE-2024-
Trendmicro
Information Stealer Pretends to be LDAPNightmare (CVE-2024-49113) PoC Exploit
blogs_trendmicro·2025-01-09·CVSS 9.8
CVE-2024-49113 [CRITICAL] Information Stealer Pretends to be LDAPNightmare (CVE-2024-49113) PoC Exploit
Cyber Threats
## Information Stealer Pretends to be LDAPNightmare (CVE-2024-49113) PoC Exploit
Our blog entry discusses a fake PoC exploit for LDAPNightmare (CVE-2024-49113) that is being used to distribute information-stealing malware.
By: Sarah Pearl Camiling, Jan 09, 2025
In December 2024, two critical vulnerabilities in Microsoft's Windows Lightweight Directory Access Protocol (LDAP) were addressed via Microsoft's monthly Patch Tuesday release. Both vulnerabilities were deemed as highly significant due to the widespread use of LDAP in Windows environments:
CVE-2024-49112: A remote code execution (RCE) bug that attackers can exploit by sending specially crafted LDAP requests, allowing them to execute arbitrary code on the target system.
CVE-2024-
Checkpoint
6th January – Threat Intelligence Report
blogs_checkpoint·2025-01-06·CVSS 9.8
CVE-2024-12356 [CRITICAL] 6th January – Threat Intelligence Report
## 6th January – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 6th January, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
Check Point elaborated on the US Treasury Department cyber-attack that compromised employee workstations and classified documents. The breach, attributed to a China state-sponsored threat actor, involved unauthorized remote access using a security key from third-party provider BeyondTrust. The attackers exploited two vulnera
Trendmicro
What We Know About CVE-2024-49112 and CVE-2024-49113
blogs_trendmicro·2025-01-04·CVSS 9.8
CVE-2024-49112 [CRITICAL] What We Know About CVE-2024-49112 and CVE-2024-49113
Exploits & Vulnerabilities
## What We Know About CVE-2024-49112 and CVE-2024-49113
This blog entry provides an overview of CVE-2024-49112 and CVE-2024-49113 and includes information that organizations need to know to stay protected against potential exploitation.
By: Trend Micro, Jan 04, 2025
In December 2024, two Windows Lightweight Directory Access Protocol (LDAP) vulnerabilities were identified by independent security researcher Yuki Chen: CVE-2024-49112, a remote code execution (RCE) flaw with a 9.8 CVSS score, and CVE-2024-49113, a denial-of-service (DoS) flaw with a 7.5 CVSS score.
This blog entry provides an overview of these two vulnerabilities and includes information that IT and SOC professionals need to know.
Bleepingcomputer
Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws
blogs_bleepingcomputer·2024-12-10·CVSS 7.8
[HIGH] Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws
## Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws
## Lawrence Abrams
27 Elevation of Privilege Vulnerabilities
30 Remote Code Execution Vulnerabilities
7 Information Disclosure Vulnerabilities
5 Denial of Service Vulnerabilities
1 Spoofing Vulnerabilities
This count does not include two Edge flaws that were previously fixed on December 5 and 6th.
To learn more about the non-security updates released today, you can review our dedicated articles on the Windows 11 KB5048667 & KB5048685 cumulative updates and the Windows 10 KB5048652 cumulative update.
## One actively exploited zero-day disclosed
This month's Patch Tuesday fixes one actively exploited, publicly disclosed zero-day vulnerability.
Microsoft classifies a zero-day flaw as one that is publicly
Greynoiseio
Storm Watch
blogs_greynoiseio
Storm Watch