Products Overview Attack Surface Management Automated Security Testing Exploit Intelligence
Platform How It Works AI at CyCognito Pricing
 
Demo of the CyCognito Platform

See the CyCognito platform in action to understand how it can help you identify, prioritize and eliminate your most critical risks. More...

Real World Solutions Assess Your Security Effectiveness Secure Your Software Supply Chain Manage Your Attack Surface
  Monitor Subsidiary Risk Prioritize & Eliminate Attack Vectors Scale Your Pen Testing
  Simplify Compliance Initiatives Evaluate Merger & Acquisition Risk
State of External Exposure Management, Summer 2024 Edition

Download the report now to stay ahead of emerging threats and strengthen your organization’s security posture for 2024. More...

Meet Our Customers Customer Overview Customer Testimonials Customer Videos
Customer Stories Berlitz Asklepios Ströer Human API Scientific Games
Current Customers Customer Support Customer Login Knowledge Base
The Total Economic Impact™ of The CyCognito Platform

Read The Total Economic Impact™ of The CyCognito Platform — a Forrester study. Cost Savings And Business Benefits Enabled By The CyCognito Platform. More...

Company About Us Leadership Team Careers Privacy and Trust Contact Us
News Latest News Press Releases Media Coverage Events Awards
Partners Partner Program Resellers, MSPs & Systems Integrators Technology Alliance Partners Become a Partner Partner Login
External Exposure & Attack Surface Management For Dummies

As your attack surface has grown to cloud infrastructures and across subsidiaries, attackers are looking for and finding unknown and unmanaged assets to serve as their entry points. More...

Resources What's New Research Reports White Papers + eBooks Solution Briefs Datasheets
  Webinars Videos Blog Glossary Security & Compliance
Learning Center API Security Application Security Attack Surface DRPS
  Exposure Management Penetration Testing Vulnerability Assessment Vulnerability Management
EASM 101 External Attack Surface Management Attack Surface Management Attack Surface Discovery Attack Surface Protection Attack Surface Reduction

CyCognito Blog

Research

Emerging Threat: Windows LDAP CVE-2024-49113

Emma-Zaballos
By Emma Zaballos
Product Marketing Manager
January 8, 2025

What is CVE-2024-49113? 

CVE-2024-49113, also known as LDAPNightmare, is a high severity (CVSS score of 7.5) unauthenticated Denial of Service (DoS) vulnerability in Windows Lightweight Directory Access Protocol (LDAP). This vulnerability allows attackers to crash any unpatched Windows server with an internet-accessible DNS server by overwhelming a critical internal component of the operating system.  

Both CVE-2024-49113 and its relative, the critical RCE vulnerability CVE-2024-49112, were publicized in December 2024. Although both were serious vulnerabilities, they initially were not accompanied by a public PoC or any evidence of exploitation in the wild. That changed when researchers at SafeBreach released a public PoC on January 1st, 2025. 

What assets are affected by CVE-2024-49113? 

The following assets are affected by CVE-2024-49113: 

  • Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation): from 10.0.17763.0 before 10.0.17763.6659
  • Windows Server 2022: from 10.0.20348.0 before 10.0.20348.2966
  • Windows 10 Version 21H2: from 10.0.19043.0 before 10.0.19044.5247
  • Windows 11 version 22H2: from 10.0.22621.0 before 10.0.22621.4602
  • Windows 10 Version 22H2: from 10.0.19045.0 before 10.0.19045.5247
  • Windows 11 Version 24H2, Windows Server 2025, Windows Server 2025 (Server Core installation): from 10.0.26100.0 before 10.0.26100.2605
  • Windows 11 Version 23H2, Windows 11 version 22H3: from 10.0.22631.0 before 10.0.22631.4602
  • Windows Server 2022, 23H2 Edition (Server Core installation): from 10.0.25398.0 before 10.0.25398.1308
  • Windows 10 Version 1507: from 10.0.10240.0 before 10.0.10240.20857
  • Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation): from 10.0.14393.0 before 10.0.14393.7606
  • Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation): from 6.0.6003.0 before 6.0.6003.23016
  • Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation): from 6.1.7601.0 before 6.1.7601.27467
  • Windows Server 2012, Windows Server 2012 (Server Core installation): from 6.2.9200.0 before 6.2.9200.25222
  • Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation): from 6.3.9600.0 before 6.3.9600.22318

Are fixes available? 

Microsoft recommends implementing a patch to all affected devices. This patch’s efficacy has been verified by independent testing. 

Are there any other recommended actions to take? 

Because patching devices like Windows servers is delicate and time-consuming, to mitigate risk while preparing and deploying patches, security teams can implement detections to monitor suspicious CLDAP referral responses (with the specific malicious value set), suspicious DsrGetDcNameEx2 calls, and suspicious DNS SRV queries.

Is CVE-2024-49113 being actively exploited? 

As of January 6th, 2025, there are no reports of attackers actively exploiting this vulnerability, although that is expected to change now that there is a public PoC.      

How is CyCognito helping customers identify assets vulnerable to CVE-2024-49113? 

CyCognito is investigating methods to actively detect this vulnerability.  In the meantime, customers can check for potentially vulnerable assets using custom filters provided by CyCognito.  

Figure 1: The alert sent by CyCognito for CVE-2024-49113

How can CyCognito help your organization? 

CyCognito is an exposure management platform that reduces risk by discovering, testing and prioritizing security issues. The platform scans billions of websites, cloud applications and APIs and uses advanced AI to identify the most critical risks and guide remediation. Emerging companies, government agencies and Fortune 500 organizations rely on CyCognito to secure and protect from growing threats. Want to see how it works? Check out our website and explore our platform with a self-guided, interactive dashboard product tour. To learn how CyCognito can help you understand your external attack surface and exposed risks, please visit our Contact Us page to schedule a demo.


Topics


Search the Blog



Recent Posts

Emma Zaballos
Emerging Threat: Windows LDAP CVE-2024-49113
By Emma Zaballos
January 8, 2025
Emma Zaballos
Emerging Threat: Palo Alto PAN-OS CVE-2024-3393 
By Emma Zaballos
December 31, 2024
Emma Zaballos
Emerging Threat: Apache Struts CVE-2024-53677
By Emma Zaballos
December 19, 2024
Jason Pappalexis
Need to boost the value of your security budget in 2025? Here’s how.
By Jason Pappalexis
December 16, 2024
Emma Zaballos
​​Gift or Grift? How Retailers Can Combat Cyber Threats This Season
By Emma Zaballos
November 21, 2024


Top Tags


CyCognito Research Report

State of External Exposure Management, Summer 2024 Edition

State of External Exposure Management, Summer 2024 Edition

Download the report now to stay ahead of emerging threats and strengthen your organization’s security posture for 2024.
O'Reilly Report

Moving from Vulnerability Management to Exposure Management

Moving from Vulnerability Management to Exposure Management

Download the report to learn about the historical trends behind the emergence of exposure management, how to develop a strategic plan and assemble a team to smoothly transition frameworks, and example tech stacks to consider for your organization.
Request a Free Scan

See Exactly What Attackers See

Get a Free Scan of Your Attack Surface

Get a free scan of your attack surface and gain valuable insight into your organization's risk posture by allowing CyCognito to discover, contextualize, and test externally exposed assets on a portion of your parent company or a single subsidiary.

Request a Scan