Nynox advisory - Threat alert

Microsoft Windows desktop & server

– Date: 10th of December –

📢 Threat Alert – Windows – 🚨 Critical Security Alert! 🚨 Don’t let CVE-2024-49112 catch you off guard. Learn how to safeguard your Windows systems NOW! 💻🔒.

On the 10th of December 2024, Microsoft published a security advisory for CVE-2024-49112 (CVSS 9.8), a critical vulnerability that allows an unauthenticated attacker to gain code execution on any Windows machine: a specially crafted set of LDAP calls lets the attacker execute arbitrary code in the context of the LDAP service.
What’s going on?
⚠️ Unauthenticated attackers can exploit it remotely in low-complexity attacks that require no user interaction, by sending a specially crafted set of LDAP calls to any host that runs any Windows OS.
⚠️ In its security update blog, Microsoft says that no public POC is available and that the vulnerability is not currently being exploited.
⚠️ Affected versions: all Windows operating systems, from Windows Server 2008 to Windows Server 2025, and all versions of Windows 10 and Windows 11.
WHY IS THIS A PROBLEM?
❗Any Windows machine exposed to the internet is susceptible to this vulnerability.
❗There are no known public POCs available. Nevertheless, this could change at any moment in the coming weeks or months.
❗Windows is the operating system used in most critical infrastructure all over the world, so it is imperative to patch as soon as possible.
How does Nynox protect its customers?
🛡️ Free threat hunting based on the indicators for this attack
🛡️ Personalized assistance to mitigate the risk
🛡️ 24×7 Incident Response (CSIRT)
🛡️ 24×7 monitoring of customer environments
WHAT CAN YOU DO TO MITIGATE THE RISK?
✅ Please patch to the latest available security update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49112
But what if you can’t?
✅ Limit network access to the host using network security tooling (VPN) or the firewall.
✅ Do not allow inbound RPC.
But what if you can’t?

Remove all USB controllers from the virtual machine, disabling USB passthrough functionality and rendering virtual USB devices inaccessible.

Default keyboard and mouse input devices remain unaffected because they operate independently of the USB protocol.
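The patch and network-restriction advice above, turned into an audit and interim-mitigation script for a single Windows host. This is an added example and not part of the Nynox advisory: the KB number is a placeholder to be taken from the linked MSRC page, and the firewall rule name is assumed.

```powershell
# Added example, not from the Nynox advisory. Run in an elevated PowerShell
# session on the Windows host you want to check.
# Assumptions: $RequiredKb is a placeholder to replace with the KB listed on
# the MSRC page for CVE-2024-49112; the firewall rule name is made up here.

$RequiredKb = 'KB<number-from-MSRC-page>'   # placeholder, not a real KB id
$RuleName   = 'Block-Inbound-RPC-Untrusted'  # assumed rule name

# 1. Patch check: is the required update present?
$hotfix = Get-HotFix | Where-Object { $_.HotFixID -eq $RequiredKb }
if ($hotfix) {
    Write-Output "OK: $RequiredKb installed on $($hotfix.InstalledOn)"
} else {
    Write-Warning "$RequiredKb not installed; apply the latest security update"
}

# 2. Exposure check: which LDAP/LDAPS ports are listening, and on which address?
#    0.0.0.0 or :: means the service listens on every interface, including
#    internet-facing ones, which the advisory flags as the risky case.
Get-NetTCPConnection -State Listen -LocalPort 389, 636, 3268, 3269 -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort,
        @{ Name = 'Process'; Expression = { (Get-Process -Id $_.OwningProcess).ProcessName } }

# 3. Interim mitigation while patching is not yet possible: block inbound RPC
#    (endpoint mapper TCP 135 plus the default dynamic range) on interfaces in
#    the Public firewall profile, i.e. untrusted networks. Domain-profile
#    interfaces keep RPC, so AD replication and client logons are unaffected.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName `
        -Direction Inbound -Action Block -Protocol TCP `
        -LocalPort 135, '49152-65535' -Profile Public -Enabled True | Out-Null
    Write-Output "Created firewall rule '$RuleName'"
} else {
    Write-Output "Firewall rule '$RuleName' already exists"
}

# 4. Confirm the rule is active and carries the expected port filter.
Get-NetFirewallRule -DisplayName $RuleName |
    Get-NetFirewallPortFilter |
    Select-Object Protocol, LocalPort
```

Blocking RPC on the Domain profile as well would break Active Directory traffic, so keep the rule scoped to untrusted profiles and remove it once the update is installed.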

In need of assistance? We’re here for you!