Skip to main content

CVE-2024-49113: CWE-125: Out-of-bounds Read in Microsoft Windows 10 Version 1809

High
VulnerabilityCVE-2024-49113cvecve-2024-49113cwe-125
Published: Tue Dec 10 2024 (12/10/2024, 17:49:45 UTC)
Source: CVE
Vendor/Project: Microsoft
Product: Windows 10 Version 1809

Description

Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability

AI-Powered Analysis

AILast updated: 07/04/2025, 20:43:06 UTC

Technical Analysis

CVE-2024-49113 is a high-severity vulnerability identified as an out-of-bounds read (CWE-125) in the Lightweight Directory Access Protocol (LDAP) implementation of Microsoft Windows 10 Version 1809 (build 10.0.17763.0). This vulnerability allows an unauthenticated remote attacker to cause a denial of service (DoS) condition by sending specially crafted LDAP requests to a vulnerable Windows 10 system. The out-of-bounds read occurs when the LDAP service processes these malformed requests, leading to memory access violations that can crash the LDAP service or the entire system, resulting in service disruption. The CVSS v3.1 base score is 7.5, reflecting a high severity due to the network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and a direct impact on availability (A:H) without affecting confidentiality or integrity. No known exploits are currently reported in the wild, and no patches have been linked yet, indicating that mitigation may rely on workarounds or monitoring until official updates are released. This vulnerability specifically affects Windows 10 Version 1809, which is an older but still in-use version in some environments, particularly in legacy or specialized systems. The LDAP service is critical for directory services, authentication, and network resource access, so disruption can have significant operational impacts.

Potential Impact

For European organizations, the impact of CVE-2024-49113 can be substantial, especially for enterprises and public sector entities relying on Windows 10 Version 1809 for directory services and authentication infrastructure. A successful exploitation could lead to denial of service on domain controllers or other LDAP-dependent systems, causing authentication failures, service outages, and potential disruption of business-critical applications. This could affect sectors such as finance, healthcare, government, and manufacturing, where directory services are integral to identity management and access control. The lack of confidentiality or integrity impact reduces risks of data breaches, but availability disruptions can still cause operational downtime and loss of productivity. Given the network-based attack vector and no requirement for privileges or user interaction, attackers could remotely target exposed LDAP endpoints, increasing the threat surface. Organizations with legacy systems or delayed patching cycles are at higher risk. Additionally, the absence of known exploits in the wild suggests a window of opportunity for proactive defense before active attacks emerge.

Mitigation Recommendations

1. Immediate mitigation should include restricting network access to LDAP services on Windows 10 Version 1809 systems, using firewalls or network segmentation to limit exposure to trusted sources only. 2. Monitor LDAP service logs and network traffic for unusual or malformed LDAP requests that could indicate exploitation attempts. 3. Where possible, upgrade affected systems to a supported and patched version of Windows 10 or later, as newer versions are less likely to be vulnerable. 4. Implement intrusion detection/prevention systems (IDS/IPS) with signatures or heuristics to detect anomalous LDAP traffic patterns. 5. Apply any forthcoming security patches from Microsoft promptly once released. 6. For critical infrastructure, consider deploying redundant directory services or failover mechanisms to minimize downtime if a DoS occurs. 7. Conduct regular vulnerability assessments and penetration testing focused on LDAP services to identify exposure and validate defenses. 8. Educate IT staff about this vulnerability and ensure incident response plans include scenarios involving LDAP service disruption.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
microsoft
Date Reserved
2024-10-11T20:57:49.206Z
Cisa Enriched
true
Cvss Version
3.1
State
PUBLISHED

Threat ID: 682d9815c4522896dcbd6283

Added to database: 5/21/2025, 9:08:37 AM

Last enriched: 7/4/2025, 8:43:06 PM

Last updated: 8/16/2025, 5:11:47 AM

Views: 11

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats