The Download
Microsoft issued patches for two critical vulnerabilities in the Windows Lightweight Directory Access Protocol (LDAP) that IT administrators must address promptly. The first, CVE-2024-49112, is a remote code execution flaw with a CVSS score of 9.8, allowing unauthenticated attackers to execute arbitrary code within the LDAP service context. The second, CVE-2024-49113, is a denial-of-service vulnerability with a CVSS score of 7.5, potentially enabling attackers to crash unpatched Windows servers. Exploiting these vulnerabilities could lead to unauthorized system control or service disruptions, posing significant risks to organizational security.
What You Can Do
To mitigate these threats, IT administrators should immediately apply the latest security updates released by Microsoft for all affected Windows servers and clients. It's crucial to test these patches in a controlled environment before full deployment to identify and resolve potential issues, such as reported disruptions with services like Microsoft Entra Connect. Additionally, administrators should monitor network traffic for unusual activity, review and restrict unnecessary RPC connections to domain controllers, and ensure that LDAP services are appropriately configured and secured to prevent unauthorized access.