CVE-2024-49113

Published Dec 12, 2024

Last updated a month ago

CVSS high 7.5
LDAPNightmare

Overview

Description
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
Source
secure@microsoft.com
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity
HIGH

Weaknesses

secure@microsoft.com
CWE-125
nvd@nist.gov
NVD-CWE-noinfo

Social media

Hype score
Not currently trending
  1. Explore Cool CVEs 🔹 CVE-2024-45519 🔹 CVE-2024-46538 🔹 CVE-2024-49113 🔹 CVE-2024-9264 🔹 CVE-2025-0411 🔹 CVE-2020-7660 Check it out & level up your exploit game! https://t.co/ZNLzGRXrDy #CyberSecurity #ExploitDev #RedTeam

    @defhawk_specter

    23 Feb 2025

    83 Impressions

    1 Retweet

    4 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  2. #threatreport #LowCompleteness LDAPNightmare Spoof Stealer | 17-02-2025 Source: https://t.co/VRiGKlBgpL Key details below ↓ 💀Threats: Ldapnightmare_vuln, Upx_tool, 🎯Victims: Security researchers 🔓CVEs: CVE-2024-49113 \[[Vulners](https://t.co/54qTXK61Qp)] - CVSS V3.1:… htt

    @rst_cloud

    18 Feb 2025

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🧵 Fio: 1/ ❓ Como os atacantes podem explorar os CVE-2024-49112 e CVE-2024-49113? Essas vulnerabilidades podem ser usadas para comprometer seu sistema. https://t.co/LS6Bei0cmR

    @TrendMicroBR

    17 Feb 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  4. CVE-2024-49112 is under scrutiny after a typographical error mislabeling it as CVE-2024-49113 enabled a spoof GitHub repository. Beware of potential malware data collection & FTP risks! 🔒🐱‍💻 #GitHubSecurity #MalwareAlert #USA link: https://t.co/weGhHKgEYB https://t.co/Sd2

    @TweetThreatNews

    17 Feb 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🧵 Hilo: 1/ ❓ ¿Cómo pueden los atacantes explotar CVE-2024-49112 y CVE-2024-49113? Estas vulnerabilidades podrían ser utilizadas para comprometer tu sistema https://t.co/QmfekMQjlc

    @TrendMicroLATAM

    17 Feb 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. Explore how a supposed #PoC for CVE-2024-49113 is used to spread information stealers. Learn about the implications of this attack and actionable steps to secure your systems: ⬇️ https://t.co/KCAuq4WJ5x

    @TrendMicroRSRCH

    9 Feb 2025

    390 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit | Trend Micro (US) https://t.co/692RAyHIZW

    @URAmamK

    9 Feb 2025

    68 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. The recently discovered LDAPNightmare exploit (CVE-2024-49113) can disrupt your critical Windows infrastructure. Get your comprehensive guide to: 1. Understanding LDAPNightmare 2. Detecting the vulnerability 3. Defending against potential attacks https://t.co/sffA0LF8tG https://

    @SemperisTech

    8 Feb 2025

    188 Impressions

    1 Retweet

    5 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  9. Beware of fake #PoC exploits! Our latest blog uncovers how CVE-2024-49113 is being leveraged to distribute information-stealing malware. Follow this link to understand the tactics used by attackers and how to safeguard your environment: ⬇️ https://t.co/KCAuq4WJ5x

    @TrendMicroRSRCH

    2 Feb 2025

    586 Impressions

    0 Retweets

    0 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  10. The recently discovered LDAPNightmare exploit (CVE-2024-49113) can disrupt your critical Windows infrastructure. Get your comprehensive guide to: 1. Understanding LDAPNightmare 2. Detecting the vulnerability 3. Defending against potential attacks https://t.co/sffA0LF8tG https://

    @SemperisTech

    30 Jan 2025

    112 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Beware of fake #PoC exploits! Our latest blog uncovers how CVE-2024-49113 is being leveraged to distribute information-stealing malware. Follow this link to understand the tactics used by attackers and how to safeguard your environment: https://t.co/z7irG0fugx

    @TrendMicro

    28 Jan 2025

    124 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. A fake #PoC exploit for #LDAPNightmare (CVE-2024-49113) is being used to spread information-stealing malware. Learn how this exploit masquerades as a legitimate sample to deceive security professionals: https://t.co/6xCZE897U9 https://t.co/inxOScRnoC

    @Smidddi

    22 Jan 2025

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. A new exploit, LDAPNightmare (CVE-2024-49113), has been identified, posing a significant threat to Windows systems, including Active Directory. This denial-of-service exploit has the potential to crash domain controllers and critical Windows hosts. https://t.co/sffA0LF8tG https:/

    @SemperisTech

    21 Jan 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. This Wednesday, January 22 at 9 am PT/12 pm ET, SafeBreach Security Team Lead @oryair1999 will share original research on CVE-2024-49113 (“LDAP Nightmare”). Register now to save your spot: https://t.co/JYrKgdI44k https://t.co/sjzLNNByLQ

    @safebreach

    20 Jan 2025

    105 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  15. Beware of fake #PoC exploits! Our latest blog uncovers how CVE-2024-49113 is being leveraged to distribute information-stealing malware. Follow this link to understand the tactics used by attackers and how to safeguard your environment: ⬇️ https://t.co/KCAuq4WJ5x

    @TrendMicroRSRCH

    20 Jan 2025

    84 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. Detect CVE-2024-49113 (aka #LDAPNightmare) – Windows LDAP denial-of-service vulnerability exploited via a publicly available PoC – using a set of #Sigma rules in the SOC Prime Platform. https://t.co/jS0yO2YIar

    @SOC_Prime

    17 Jan 2025

    100 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. Évidemment il fallait que ça arrive... 🚨 Un faux exploit LDAP Nightmare circule sur GitHub… et cache un infostealer ! 💀 Basé sur la CVE-2024-49113, ce faux PoC télécharge un script malveillant qui exfiltre vos données. ⚠️ Attention aux exploits douteux #LDAPNightmare https:/

    @Guardia_School

    17 Jan 2025

    72 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  18. 🚨Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit #CyberAttack #CyberSecurity https://t.co/PSohaTJ1I6

    @DC3DCISE

    17 Jan 2025

    62 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  19. به تازگی آسیب پذیری جدیدی برای سرویس LDAP با کدهای شناسایی CVE-2024-49112 و CVE-2024-49113 منتشر شد. اکسپلویت این آسیب پذیری با نام LDAPNightmare در GitHub به عنوان poc و برای شناسایی این آسیب پذیری توسط کاربران این سرویس ، بارگزاری شد. https://t.co/Poz3aKYxT1 https://t.co/i2Oo

    @AmirHossein_sec

    14 Jan 2025

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. .@TrendMicro's blog entry discusses a fake PoC exploit for LDAPNightmare (CVE-2024-49113) that is being used to distribute information-stealing malware. Learn more: https://t.co/er2zICkbeX

    @rjsandler1

    14 Jan 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. Confirmada la existencia de un exploit tipo #PoC para la vulnerabilidad  CVE-2024-49113, conocida como LDAP Nightmare, que afecta a servidores Microsoft Windows incluyendo controladores de dominio enviando peticiones LDAP maliciosas. #PorUnEcuadorCiberseguro @Arcotel_ec https

    @EcuCERT_EC

    14 Jan 2025

    298 Impressions

    7 Retweets

    9 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. On 12/10, Microsoft published CVE-2024-49112 & CVE-2024-49113—two LDAP vulnerabilities that affect Windows Active Directory Domain Controllers. They’ve received significant attention due to their severity and the lack of any public documentation explaining the exploitation pa

    @safebreach

    14 Jan 2025

    70 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  23. A fake proof-of-concept (#POC) exploit for CVE-2024-49113 lures security researchers to download and execute information-stealing malware. Click this link for the full story: https://t.co/jPVrREjPCL https://t.co/25ue4HrROg

    @natordas

    14 Jan 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. A fake proof-of-concept (#POC) exploit for CVE-2024-49113 lures security researchers to download and execute information-stealing malware. Click this link for the full story: https://t.co/jPVrREjPCL https://t.co/FhCycuy8b8

    @natordas

    14 Jan 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. Micropatches Released for Windows "LDAPNightmare" Denial of Service Vulnerability (CVE-2024-49113) https://t.co/HL8vBD569k https://t.co/7iWlVj1nbl

    @0patch

    14 Jan 2025

    165 Impressions

    2 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  26. .@TrendMicro's blog entry discusses a fake PoC exploit for LDAPNightmare (CVE-2024-49113) that is being used to distribute information-stealing malware. Learn more: https://t.co/sMbE3Jf4Du

    @Smidddi

    14 Jan 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. According to the latest research from Trend Micro, a fake Proof-of-Concept (PoC) exploit has been identified for CVE-2024-49113, a denial-of-service (DoS) vulnerability previously found in Microsoft’s Windows Lightweight Directory Access Protocol (LDAP). https://t.co/VDCrXYRBCg

    @blackwired32799

    14 Jan 2025

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. Threat Alert: Fake LDAPNightmare exploit on GitHub spreads infostealer malware CVE-2024-49112 CVE-2024-49113 CVE-2024-49138 Severity: ⚠️ Critical Maturity: 💥 Mainstream Learn more: https://t.co/ifVGosLGvd #CyberSecurity #ThreatIntel #InfoSec (1/3)

    @fletch_ai

    14 Jan 2025

    74 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  29. 🚨 #LDAPNightmare: #Vulnerabilidad en Windows Server 🚨 Un exploit PoC para la vulnerabilidad LDAPNightmare (CVE-2024-49113) puede causar la caída del servicio LSASS y reiniciar los controladores de dominio. 🔒💻 #Ciberseguridad #WindowsServer #Actualización https://t.co/G235nCuW

    @mdsolutionsperu

    13 Jan 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. 🚨Threat Campaign Alert - Fake PoC Exploit for CVE-2024-49113 (LDAPNightmare) Lures Security Researchers into Deploying Info-Stealing Malware🚨 Summary: A fake PoC exploit for CVE-2024-49113 targets a critical Windows LDAP vulnerability, tricking security researchers into… https

    @CyberxtronTech

    13 Jan 2025

    96 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  31. A deceptive proof-of-concept (PoC) exploit for CVE-2024-49113 (aka "LDAPNightmare") on #GitHub infects users with infostealer malware that exfiltrates sensitive data to an external FTP server. #Malware #CyberSecurity https://t.co/h2VlVJe8ou

    @YourAnonRiots

    12 Jan 2025

    169 Impressions

    4 Retweets

    6 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  32. Fake CVEs for CVE-2024-49113 👀anaylsis by Trendmicro: https://t.co/7ZPtV99G9U https://t.co/3t6NKMXWeL

    @ITSecurityguard

    12 Jan 2025

    792 Impressions

    2 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. .@TrendMicro's blog entry discusses a fake PoC exploit for LDAPNightmare (CVE-2024-49113) that is being used to distribute information-stealing malware. Learn more: https://t.co/q8YSMUSyXx

    @alexandre_tovar

    12 Jan 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. #threatreport #LowCompleteness Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit. Conclusion | 12-01-2025 Source: https://t.co/nrAeCOrbgR Key details below ↓ 💀Threats: Ldapnightmare_vuln, Upx_tool, 🔓CVEs: CVE-2024-49113… https://t.co/pOW0aGCIJw htt

    @rst_cloud

    12 Jan 2025

    52 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  35. 🚨 Beware: Cybercriminals Using LDAP Nightmare PoC to Steal Your Data 🚨 WIRE TOR - The Ethical Hacking Services A malicious proof-of-concept (PoC) exploit for the vulnerability CVE-2024-49113, dubbed LDAP Nightmare has surfaced on GitHub. #hacker https://t.co/BgtwYhskiV

    @WireTor

    12 Jan 2025

    47 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  36. .@TrendMicro's blog entry discusses a fake PoC exploit for LDAPNightmare (CVE-2024-49113) that is being used to distribute information-stealing malware. Learn more: https://t.co/ZEjcx4DD1H

    @christine_fady

    12 Jan 2025

    58 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  37. Fake #LDAPNightmware exploit on #GitHub spreads infostealer #malware https://t.co/sG9o3zXPAG A deceptive proof-of-concept (PoC) exploit for CVE-2024-49113 on GitHub infects users with infostealer malware that exfiltrates sensitive data to an external FTP server. #Microsoft htt

    @GeekFeedNet

    12 Jan 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  38. A deceptive PoC exploit for CVE-2024-49113, dubbed "LDAPNightmare," is reportedly spreading infostealer malware via GitHub, exfiltrating sensitive data to an external FTP server. #CyberSecurity #Malware https://t.co/vCJg66bWF8

    @Cyber_O51NT

    12 Jan 2025

    525 Impressions

    2 Retweets

    9 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  39. 🚨 **Windows Sunucularında Kritik Güvenlik Açığı: CVE-2024-49113** 🚨 SafeBreach Labs, Windows LDAP hizmetinde "LDAP Nightmare" olarak adlandırılan kritik bir **zero-click** güvenlik açığını ortaya çıkardı. Bu açık, saldırganların kimlik doğrulama gerektirmeden uzaktan kod… ht

    @AydemirSerhat

    11 Jan 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  40. A deceptive exploit for CVE-2024-49113, known as "LDAPNightmare," has surfaced on GitHub, infecting users with infostealer malware that exfiltrates sensitive data to an external FTP server. Stay informed about this critical security threat. Read more at https://t.co/5TaOtXHMhT

    @trubetech

    11 Jan 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  41. GitHub - SafeBreach-Labs/CVE-2024-49113: LdapNightmare is a PoC tool that tests a vulnerable Windows Server against CVE-2024-49113 https://t.co/JiAWnCOF34

    @akaclandestine

    11 Jan 2025

    1528 Impressions

    11 Retweets

    32 Likes

    8 Bookmarks

    0 Replies

    0 Quotes

  42. Security pros baited with fake Windows LDAP exploit traps: https://t.co/dAwpIUzuOm Security researchers are being targeted with fake exploits for Microsoft vulnerabilities, specifically CVE-2024-49113 (LDAPNightmare) and CVE-2024-49112, both patched in December 2024. A… https://

    @securityRSS

    10 Jan 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  43. 🗞️ Stealer Masquerades as LDAPNightmare PoC Exploit Cybercriminals are exploiting the buzz around LDAPNightmare (CVE-2024-49113) by distributing a fake proof-of-concept (PoC) exploit on GitHub that actually installs information-stealing malware. Security experts recommend… http

    @gossy_84

    10 Jan 2025

    59 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  44. 1/7 A fake proof-of-concept (#POC) exploit for CVE-2024-49113 lures security researchers to download and execute information-stealing malware. Click this link for the full story: https://t.co/KCAuq4WJ5x https://t.co/w7UR33emR3

    @TrendMicroRSRCH

    10 Jan 2025

    405 Impressions

    1 Retweet

    2 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  45. Beware of the dangerous #LDAPNightmare exploit posing as a proof-of-concept for Microsoft's CVE-2024-49113 vulnerability. Find out how attackers are distributing information-stealing malware through this fake exploit https://t.co/Jvl0KDihv4

    @the_yellow_fall

    10 Jan 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  46. 🟠Compartimos el análisis de @TrendMicro un exploit de prueba de concepto (PoC) falso para CVE-2024-49113 (#LDAPNightmare) diseñado para atraer a los investigadores para que descarguen y ejecuten malware que roba información. #QintegraNews #ciberseguridad https://t.co/u7qFmIpJAr

    @QintegraC

    9 Jan 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  47. OffensiveYARA rule for the PoC exploit for CVE-2024-49113 also known as LDAPNightmare. The main Python Script (LdapNightmare[.]py) relies on the exploit_server.py

    @byt3n33dl3

    9 Jan 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  48. #LDAPNightmare: SafeBreach Labs Publishes First Proof-of-Concept Exploit for CVE-2024-49113 See how SafeBreach Labs Researchers developed a zero-click PoC exploit... https://t.co/RBArLkWEBc

    @BTshell

    9 Jan 2025

    933 Impressions

    10 Retweets

    21 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  49. A fake PoC for LDAPNightmare (CVE-2024-49113) is spreading info-stealing malware, disguised as legitimate. Beware of malicious downloads! Stay vigilant. ⚠️ #LDAPNightmare #MalwareAlert #USA #ThreatResearch link: https://t.co/btqltlTzip https://t.co/4RXdJNeQEl

    @TweetThreatNews

    9 Jan 2025

    36 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  50. LDAPNightmare: SafeBreach Labs Publishes First Proof-of-Concept Exploit for CVE-2024-49113 https://t.co/QxyAVSGh6F #cybersecurity #vulnerability #ldap #cve #informationsecurity #poc #informationsecurity https://t.co/wTOh1lfkic

    @blackstormsecbr

    9 Jan 2025

    1365 Impressions

    8 Retweets

    24 Likes

    8 Bookmarks

    0 Replies

    0 Quotes

Configurations