A critical vulnerability, CVE-2024-49112, was discovered in the Windows Lightweight Directory Access Protocol (LDAP) service, allowing remote code execution (RCE) and posing significant risks to enterprise networks, especially domain controllers. This flaw stems from an integer overflow in LDAP-related code, which can be exploited by unauthenticated attackers through specially crafted RPC calls, potentially leading to server crashes or remote code execution. SafeBreach Labs has released a proof-of-concept (PoC) exploit, "LDAPNightmare," which demonstrates how attackers can exploit the vulnerability to crash unpatched servers. The vulnerability affects all Windows Server versions prior to the December 2024 patch. Microsoft has released a patch, and organizations are urged to apply it immediately, monitor for suspicious activities, and test their environments using SafeBreach's PoC tool to prevent exploitation.

‍