Tag Archives: LDAPNightmare

New episode “In the Trend of VM” (#12): 8 February CVEs & Why the Darknet Matters for VM Specialists

New episode “In the Trend of VM” (#12): 8 February CVEs & Why the Darknet Matters for VM Specialists. Now with a new design and new video editing.

Video on YouTube and LinkedIn
Post on Habr (rus)
Digest on the PT website

Content:

00:00 Greetings
00:23 Remote Code Execution – Windows Lightweight Directory Access Protocol (LDAP) (CVE-2024-49112)
01:35 Remote Code Execution – Microsoft Configuration Manager (CVE-2024-43468)
02:38 Remote Code Execution – Windows OLE (CVE-2025-21298)
03:55 Elevation of Privilege – Windows Hyper-V NT Kernel Integration VSP (CVE-2025-21333, CVE-2025-21334, CVE-2025-21335)
05:02 Authentication Bypass – FortiOS/FortiProxy (CVE-2024-55591)
06:16 Remote Code Execution – 7-Zip (CVE-2025-0411)
07:27 Should a VM specialist be aware of what is happening in the Darknet?
08:48 About the digest of trending vulnerabilities

На русском

About Remote Code Execution – Windows Lightweight Directory Access Protocol (LDAP) (CVE-2024-49112)

Leave a reply

About Remote Code Execution – Windows Lightweight Directory Access Protocol (LDAP) (CVE-2024-49112). The vulnerability is from the December Microsoft Patch Tuesday. Three weeks later, on January 1, researchers from SafeBreach released a write-up on this vulnerability, labeled as LDAPNightmare, and an exploit PoC.

The exploit causes a forced reboot of Windows servers. One prerequisite: the victim domain controller’s DNS server must have Internet connectivity.

The attack flow starts with sending a DCE/RPC request to the victim server, causing the LSASS (Local Security Authority Subsystem Service) to crash and force a reboot when an attacker sends a specially crafted CLDAP (Connectionless Lightweight Directory Access Protocol) referral response packet.

But this is all about DoS, why RCE? Researchers note that RCE can be achieved by modifying the CLDAP packet.

На русском

This is my personal blog. The opinions expressed here are my own and not of my employer. All product names, logos, and brands are property of their respective owners. All company, product and service names used here for identification purposes only. Use of these names, logos, and brands does not imply endorsement. You can freely use materials of this site, but it would be nice if you place a link on https://avleonov.com and send message about it at me@avleonov.com or contact me any other way.

Alexander V. Leonov

Vulnerability Management and more

Tag Archives: LDAPNightmare

New episode “In the Trend of VM” (#12): 8 February CVEs & Why the Darknet Matters for VM Specialists

About Remote Code Execution – Windows Lightweight Directory Access Protocol (LDAP) (CVE-2024-49112)