– Date: 10th of December –
📢 Threat Alert – Windows – 🚨 Critical Security Alert! 🚨
Don’t let CVE-2024-49112 catch you off guard. Learn how to safeguard your Windows systems NOW! 💻🔒
On the 10th of December 2024, Microsoft published a security advisory for CVE-2024-49112 (CVSS 9.8), a critical vulnerability that allows an unauthenticated attacker to execute arbitrary code on any Windows machine, within the context of the LDAP service, through a specially crafted set of LDAP calls.
What’s going on?
⚠️ Unauthenticated attackers can exploit it remotely in low-complexity attacks that don’t require user interaction by sending a specially crafted set of LDAP calls to any host that runs any Windows OS.
⚠️ In its security update blog, Microsoft says that no public PoC is available and that the vulnerability is not currently being exploited.
⚠️ The affected versions are all Windows operating systems: Windows Server 2008 through 2025, all versions of Windows 10 and all versions of Windows 11.
Why is this a problem?
❗ Any Windows machine exposed to the internet is susceptible to this vulnerability.
❗ There are no known public PoCs available. Nevertheless, this could change at any moment in the coming weeks or months.
❗ Windows is used as the operating system in most critical infrastructure all over the world, so it’s imperative to patch as soon as possible.
How does Nynox protect its customers?
🛡️ Free threat hunting based on the indicators for this attack
🛡️ Personalized assistance to mitigate the risk
🛡️ 24×7 Incident Response (CSIRT)
🛡️ 24×7 monitoring of customer environments
What can you do to mitigate the attack?
✅ Please patch to the latest available security update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49112
But what if you can’t?
✅ Limit access via the network using network security tooling (VPN) or the firewall.
✅ Do not allow inbound RPC.
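
To check the two network mitigations above on a host, you can audit its Windows Firewall rules for inbound LDAP or RPC access that is open to any remote address. The following PowerShell is an added example, not code from Nynox or Microsoft. The watched port list (standard LDAP, Global Catalog and RPC ports) and the helper name `Test-PortMatch` are assumptions of this example.

```powershell
# Added example: list enabled inbound Allow rules that expose LDAP or RPC
# to any remote address. Run in an elevated PowerShell session.
# Assumption: standard LDAP/Global Catalog ports plus the RPC keywords
# that Windows Firewall uses for the endpoint mapper and dynamic RPC ports.
$watchPorts = @('135', '389', '636', '3268', '3269', 'RPC', 'RPCEPMap')

# Hypothetical helper: does a rule's LocalPort list cover a watched port?
function Test-PortMatch {
    param([string[]]$LocalPort, [string[]]$Watch)
    foreach ($p in $LocalPort) {
        # 'Any' covers every port; exact matches cover numbers and keywords
        if ($p -eq 'Any' -or $Watch -contains $p) { return $true }
        # Port ranges are reported as "low-high"
        if ($p -match '^(\d+)-(\d+)$') {
            $lo = [int]$Matches[1]; $hi = [int]$Matches[2]
            foreach ($w in $Watch) {
                if ($w -match '^\d+$' -and [int]$w -ge $lo -and [int]$w -le $hi) {
                    return $true
                }
            }
        }
    }
    return $false
}

$findings = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    ForEach-Object {
        $rule = $_
        $port = $rule | Get-NetFirewallPortFilter
        $addr = $rule | Get-NetFirewallAddressFilter
        # Skip rules for protocols that cannot carry LDAP or RPC (e.g. ICMP)
        if ($port.Protocol -notin @('TCP', 'UDP', 'Any')) { return }
        if (-not (Test-PortMatch -LocalPort $port.LocalPort -Watch $watchPorts)) { return }
        # Rules already scoped to specific remote addresses are not reported
        if ($addr.RemoteAddress -notcontains 'Any') { return }
        [pscustomobject]@{
            Rule          = $rule.DisplayName
            Profile       = $rule.Profile
            Protocol      = $port.Protocol
            LocalPort     = ($port.LocalPort -join ',')
            RemoteAddress = ($addr.RemoteAddress -join ',')
        }
    }

$findings | Sort-Object Rule | Format-Table -AutoSize
```

Each reported rule is a candidate for disabling or for scoping its remote address to trusted management networks. Rules with a local port of `Any` are included because they also admit LDAP and RPC traffic.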