CVE-2024-49113

Name of the Vulnerable Software and Affected Versions Windows Lightweight Directory Access Protocol (LDAP) (affected versions not specified)

Description The issue is related to a denial-of-service vulnerability in Windows Lightweight Directory Access Protocol (LDAP). This vulnerability can cause the Windows server to crash, leading to potential service disruptions. A proof-of-concept exploit has been released, demonstrating the risk. Additionally, a fake proof-of-concept exploit is being used to spread information-stealing malware, targeting security researchers. The vulnerability can be exploited by sending a specially crafted CLDAP referral response packet, causing the LSASS to crash and force a reboot. It is estimated that over 302 million services are potentially affected.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.