Attacker Value
Very Low
(1 user assessed)
Exploitability
Very High
(1 user assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
1

CVE-2024-49113

Disclosure Date: December 12, 2024
CVE-2024-49113
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Impact
Techniques
Validation
Validated

Description

Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability

Add Assessment

1
Ratings
  • Attacker Value
    Very Low
  • Exploitability
    Very High
Common in enterpriseUnauthenticatedVulnerable in default configurationNo useful access
Technical Analysis

CVE-2024-49113 is a denial-of-service (DoS) vulnerability in the Windows Lightweight Directory Access Protocol (LDAP). It allows remote, unauthenticated attackers to disrupt the LDAP service on affected Windows servers, causing significant downtime by forcing reboots. The flaw, disclosed and patched in December 2024, highlights the importance of securing directory services in modern IT environments.

The vulnerability is attributed to an out-of-bounds read error in LDAP’s implementation. Attackers exploit this flaw by sending specially crafted Connectionless LDAP (CLDAP) referral response packets to the target server. These malicious packets can destabilize the Local Security Authority Subsystem Service (LSASS), leading to an immediate system crash and reboot. Exploitation does not require prior authentication or user interaction, though it depends on the target server’s internet connectivity for DNS operations.

Impacted Systems
This vulnerability affects multiple versions of Windows, including:

Client Systems: Windows 10 (various versions) and Windows 11 (22H2, 24H2).
Server Systems: Windows Server editions spanning 2008 to 2025.

Organizations should consult official documentation for specific build information and patch availability.

Exploit Details and Risks
Shortly after the vulnerability’s disclosure, proof-of-concept (PoC) code demonstrating the exploitability of CVE-2024-49113 emerged. The PoC demonstrated how attackers could trigger system crashes on unpatched servers, highlighting the criticality of timely patching.

Notably, some malicious actors have distributed counterfeit PoCs on public platforms. These fake exploits contain malware designed to compromise researchers’ and defenders’ systems, emphasizing the importance of sourcing code from trusted and verified sources.

Log in to Add Reply
CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
Windows 10 Version 1809 10.0.17763.6659
Windows Server 2019 10.0.17763.6659
Windows Server 2019 (Server Core installation) 10.0.17763.6659
Windows Server 2022 10.0.20348.2966
Windows 10 Version 21H2 10.0.19044.5247
Windows 11 version 22H2 10.0.22621.4602
Windows 10 Version 22H2 10.0.19045.5247
Windows Server 2025 (Server Core installation) 10.0.26100.2605
Windows 11 version 22H3 10.0.22631.4602
Windows 11 Version 23H2 10.0.22631.4602
Windows Server 2022, 23H2 Edition (Server Core installation) 10.0.25398.1308
Windows 11 Version 24H2 10.0.26100.2605
Windows Server 2025 10.0.26100.2605
Windows 10 Version 1507 10.0.10240.20857
Windows 10 Version 1607 10.0.14393.7606
Windows Server 2016 10.0.14393.7606
Windows Server 2016 (Server Core installation) 10.0.14393.7606
Windows Server 2008 Service Pack 2 6.0.6003.23016
Windows Server 2008 Service Pack 2 (Server Core installation) 6.0.6003.23016
Windows Server 2008 Service Pack 2 6.0.6003.23016
Windows Server 2008 R2 Service Pack 1 6.1.7601.27467
Windows Server 2008 R2 Service Pack 1 (Server Core installation) 6.1.7601.27467
Windows Server 2012 6.2.9200.25222
Windows Server 2012 (Server Core installation) 6.2.9200.25222
Windows Server 2012 R2 6.3.9600.22318
Windows Server 2012 R2 (Server Core installation) 6.3.9600.22318
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • microsoft

Products

  • windows 10 1507,
  • windows 10 1607,
  • windows 10 1809,
  • windows 10 21h2,
  • windows 10 22h2,
  • windows 11 22h2,
  • windows 11 24h2,
  • windows server 2008 -,
  • windows server 2008 r2,
  • windows server 2012 -,
  • windows server 2012 r2,
  • windows server 2016,
  • windows server 2019,
  • windows server 2022,
  • windows server 2022 23h2,
  • windows server 2025

References

Canonical
CVE-2024-49113 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49113)
Exploit
PoCs that have not been added by contributors directly have been sourced from: nomi-sec/PoC-in-GitHub.
A PoC added here by the AKB Worker must have at least 2 GitHub stars.
CVE-2024-49113-Checker (https://github.com/Sachinart/CVE-2024-49113-Checker) (Added by AKB Worker)
Miscellaneous
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49113

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis