Interesting Exploit for a critical Windows vulnerability has been published: just one request is enough to destroy any infrastructure

abadon1969


A proof-of-concept exploit for a vulnerability in the Windows Lightweight Directory Access Protocol (LDAP), patched in December 2024, was recently published online.

The vulnerability, designated CVE-2024-49113 (CVSS 7.5), can lead to a denial of service (DoS). Its fix was included in Microsoft's December updates, along with CVE-2024-49112 (CVSS 9.8), a critical integer overflow vulnerability that allows remote code execution.

⚠️ A proof-of-concept exploit, dubbed "LDAPNightmare" by SafeBreach Labs researchers, can crash a Windows server without any additional conditions if the domain controller's (DC) DNS server has internet access.
 