Critical LDAP Vulnerability Discovered in Windows Systems
/ 1 min read
🧨 Microsoft reveals critical LDAP vulnerability posing severe risks to enterprise networks. The company has identified a Remote Code Execution (RCE) vulnerability, tracked as CVE-2024-49112, in its Lightweight Directory Access Protocol (LDAP) service, with a CVSS score of 9.8. This flaw allows unauthenticated attackers to execute arbitrary code, threatening Windows 10, Windows 11, and various Windows Server editions. Discovered by researcher Yuki Chen, the vulnerability can compromise Domain Controllers when exploited through specially crafted LDAP requests. Microsoft warns that the risk escalates when combined with two other vulnerabilities disclosed recently. To mitigate risks, organizations are urged to apply patches immediately, restrict access to Domain Controllers, and monitor for unusual LDAP activity.
