LDAP Nightmare – Windows LDAP Denial of Service Vulnerability

Date: January 22, 2025
Time: 9 am PT | 12 pm ET
Duration: 45 Minutes

On December 10, two Lightweight Directory Access Protocol (LDAP) vulnerabilities were published on the Microsoft Security Response Center website as part of the latest Patch Tuesday update: a remote code execution vulnerability (CVE-2024-49112) and a denial of service vulnerability (CVE-2024-49113), both affecting Windows Active Directory Domain Controllers. These vulnerabilities have received significant attention due to their severity, the fact that the affected technology is widely used across enterprise networks, and the lack of any public documentation explaining the exploitation path.

On January 1, SafeBreach Labs researchers Or Yair and Shahak Morag released the first proof-of-concept (PoC) exploit for CVE-2024-49113. This PoC is capable of crashing any unpatched Windows Server (not just Domain Controllers), with the only prerequisite being that the DNS server of the victim DC has Internet connectivity.

Join us on January 22, 2025, at 9 am PT/12 pm ET as SafeBreach Labs researchers Or Yair and Shahak Morag present this original research to discuss:

  • How the PoC exploit for CVE-2024-49113 was successfully developed to crash unpatched Windows Servers.
  • What the SafeBreach Labs team is doing to build off this research and develop the implementation of a full RCE chain for CVE-2024-49112. 
  • Why these vulnerabilities still pose a significant risk to enterprise organizations despite the availability of a patch.
  • What steps organizations can take to understand their level of risk and monitor for suspicious activity associated with these vulnerabilities until the patch can be implemented.
