Active Directory domain controllers (DCs) are considered one of the most critical assets in an organization’s computer networks. Security vulnerabilities found in DCs are typically far more critical than those discovered on standard workstations. The ability to execute code on a domain controller or cause its failure significantly impacts the security and stability of the network.
On December 10, 2024, Yuki Chen discovered two LDAP vulnerabilities affecting any DC: remote code execution (RCE) and denial of service/information leakage. These vulnerabilities were published on the Microsoft Security Response Center (MSRC) website as part of the latest Patch Tuesday update. The RCE vulnerability was assigned CVE-2024-49112 and received a CVSS score of 9.8 out of 10. The second flaw, a DoS vulnerability, was assigned CVE-2024-49113. However, no public exploit or technical article detailing the vulnerability and exploitation path was available—until now.
To mitigate this vulnerability, organizations should deploy the patch released by Microsoft. As mentioned above, SafeBreach Labs has verified that the patch sufficiently protects tested servers from exploitation and crashes. The patch should be installed as soon as possible, although it is understood that patching domain controllers and Windows servers must be carried out carefully and with proper preparation.