Описание
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
Меры по смягчению последствий
Is there any action a customer can take to protect against this vulnerability if they are unable to apply the update?
Ensure that domain controllers are configured either to not access the internet or to not allow inbound RPC from untrusted networks. While either mitigation will protect your system from this vulnerability, applying both configurations provides an effective defense-in-depth against this vulnerability.
RPC and LDAP are published externally through SSL. What does this mitigation mean in the context of external network connectivity?
Applying the mitigations will decrease the risk of an attacker successfully convincing or tricking a victim into connecting to a malicious server. If a connection is made, the attacker could send malicious requests to the target over SSL.
FAQ
What actions do customers need to perform to be protected against this vulnerability?
This vulnerability affects both LDAP clients and servers running an affected version of Windows listed in the Security Updates table. Customers must apply the latest security update for their Windows version to be protected against this vulnerability.
How could an attacker exploit this vulnerability?
A remote unauthenticated attacker who successfully exploited this vulnerability would gain the ability to execute arbitrary code within the context of the LDAP service. However successful exploitation is dependent upon what component is targeted.
In the context of exploiting a domain controller for an LDAP server, to be successful an attacker must send specially crafted RPC calls to the target to trigger a lookup of the attacker's domain to be performed in order to be successful.
In the context of exploiting an LDAP client application, to be successful an attacker must convince or trick the victim into performing a domain controller lookup for the attacker’s domain or into connecting to a malicious LDAP server. However, unauthenticated RPC calls would not succeed.
Could an attacker leverage inbound RPC tunnels connected to Windows 11 to successfully exploit this vulnerability?
Yes, an attacker could use an RPC connection to a domain controller to trigger domain controller lookup operations against the attacker's domain.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Windows Server 2008 for 32-bit Systems Service Pack 2 | ||
| Windows Server 2008 for x64-based Systems Service Pack 2 | ||
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | ||
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | ||
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | ||
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | ||
| Windows Server 2012 | ||
| Windows Server 2012 (Server Core installation) | ||
| Windows Server 2012 R2 | ||
| Windows Server 2012 R2 (Server Core installation) |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
9.8 Critical
CVSS3
Связанные уязвимости
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
Уязвимость реализации протокола службы каталогов LDAP операционной системы Microsoft Windows, позволяющая нарушителю выполнить произвольный код
EPSS
9.8 Critical
CVSS3