Important update: Protect your network from LDAPNightmare
A critical vulnerability called LDAPNightmare could pose a serious threat to Windows Domain Controllers. It is a Lightweight Directory Access Protocol (LDAP) vulnerability, CVE-2024-49112, a remote code execution (RCE) flaw with a CVSS score of 9.8. This vulnerability can compromise the security of your network. In this message you can read what is going on, what steps you need to take and how we support you in this.
What’s the issue?
Microsoft has identified two vulnerabilities in the Lightweight Directory Access Protocol (LDAP):
- CVE-2024-49112 (CVSS score: 9.8): This vulnerability enables remote code execution (RCE), allowing an attacker to gain full control of your system.
- CVE-2024-49113 (CVSS score: 7.5): This vulnerability can cause a Denial of Service (DoS), leading to continuous reboots of Domain Controllers.
Attackers can exploit these vulnerabilities using sophisticated techniques, sending malicious LDAP requests that may disrupt your systems or, in severe cases, grant attackers full control.
Who is at risk?
If you use Windows Domain Controllers, you may be at risk. Microsoft has published an overview of the affected Windows versions:
Check if your systems are covered and take immediate action if so.
What should you do?
If you are responsible for your own IT management, we recommend taking the following steps:
- Install the patches: Microsoft has released security updates as part of the December 2024 Patch Tuesday updates. These updates are crucial to protect your systems from these vulnerabilities. Ensure these patches are installed as soon as possible.
- Check your systems:
  - For CVE-2024-49112, you can verify your system’s vulnerability via the Microsoft Security Update Guide.
  - For CVE-2024-49113, use the following query in Microsoft Defender Advanced Hunting:
      DeviceTvmSoftwareVulnerabilities
      | where CveId contains "CVE-2024-49113"
      | distinct DeviceName,RecommendedSecurityUpdate,OSPlatform
- Monitor your network: Keep an eye out for unusual LDAP activity, DNS SRV queries, or CLDAP responses, as these could indicate an attack.
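One way to act on the monitoring step, as an added example that is not part of the original advisory: a Python filter over DNS and flow records that flags a domain controller looking up an LDAP SRV record outside your own DNS namespace, or receiving a CLDAP (UDP port 389) response from an address outside your internal ranges. Treating "external" as the suspicious condition is a heuristic assumed here; the record layout, the `corp.example` namespace, the address lists and the sample events are all constructed.

```python
import ipaddress

# Assumptions for this example: replace with your own environment's values.
DOMAIN_CONTROLLERS = {"10.0.0.10", "10.0.0.11"}
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
OWN_DNS_SUFFIXES = ("corp.example",)

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def in_own_namespace(name):
    name = name.rstrip(".").lower()
    return any(name == s or name.endswith("." + s) for s in OWN_DNS_SUFFIXES)

def find_suspicious(events):
    """Return (reason, event) pairs for domain controller traffic worth a closer look."""
    hits = []
    for ev in events:
        if ev["type"] == "dns" and ev["src"] in DOMAIN_CONTROLLERS:
            # A DC resolving an LDAP SRV record for a domain it does not belong to.
            if ev["qtype"] == "SRV" and "_ldap." in ev["qname"].lower() and not in_own_namespace(ev["qname"]):
                hits.append(("external LDAP SRV lookup", ev))
        elif ev["type"] == "flow" and ev["dst"] in DOMAIN_CONTROLLERS:
            # A CLDAP response: UDP datagram sourced from port 389 towards a DC.
            if ev["proto"] == "udp" and ev["src_port"] == 389 and not is_internal(ev["src"]):
                hits.append(("CLDAP response from external host", ev))
    return hits

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"type": "dns", "src": "10.0.0.10", "qtype": "SRV", "qname": "_ldap._tcp.dc._msdcs.corp.example"},
    {"type": "dns", "src": "10.0.0.10", "qtype": "SRV", "qname": "_ldap._tcp.dc._msdcs.unknown.test"},
    {"type": "flow", "proto": "udp", "src": "10.0.0.11", "src_port": 389, "dst": "10.0.0.10"},
    {"type": "flow", "proto": "udp", "src": "203.0.113.7", "src_port": 389, "dst": "10.0.0.10"},
    {"type": "dns", "src": "10.0.5.20", "qtype": "SRV", "qname": "_ldap._tcp.unknown.test"},
]

if __name__ == "__main__":
    for reason, ev in find_suspicious(SAMPLE_EVENTS):
        print(reason, ev)
```

Hits from this filter are leads for investigation, not confirmation of an attack; legitimate cross-forest trusts will also produce external SRV lookups and should be added to the namespace list.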
What are we doing for you?
We support you in securing your systems:
- Updates are applied: If we manage your IT, we ensure that the updates are installed.
- Proactive monitoring is in place: For MxDR users, we continuously monitor your infrastructure for suspicious activity.
- Expert assistance is available: Please contact us with any questions or concerns.