Security News > 2025 > January > LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain Controllers
2025-01-03 08:16
A proof-of-concept (PoC) exploit has been released for a now-patched security flaw impacting Windows Lightweight Directory Access Protocol (LDAP) that could trigger a denial-of-service (DoS) condition. The out-of-bounds reads vulnerability is tracked as CVE-2024-49113 (CVSS score: 7.5). It was addressed by Microsoft as part of Patch Tuesday updates for December 2024, alongside CVE-2024-49112 (
News URL
https://thehackernews.com/2025/01/ldapnightmare-poc-exploit-crashes-lsass.html
Related news
- RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks (source)
- PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) (source)
- Mitel MiCollab zero-day and PoC exploit unveiled (source)
- PoC exploit chains Mitel MiCollab 0-day, auth-bypass bug to access sensitive files (source)
- New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools (source)
- 390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits (source)
- Adobe warns of critical ColdFusion bug with PoC exploit code (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-12 | CVE-2024-49113 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | 0.0 |
| 2024-12-12 | CVE-2024-49112 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 0.0 |