CVE-2024-49112

CRITICAL9.8

High EPSS

JSON export Create alert

Description

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Unchanged

Changed

Affected products

Microsoft / Windows 10 Version 150710.0.10240.0 – 10.0.10240.20857
Microsoft / Windows 10 Version 160710.0.14393.0 – 10.0.14393.7606
Microsoft / Windows 10 Version 180910.0.17763.0 – 10.0.17763.6659
Microsoft / Windows 10 Version 21H210.0.19043.0 – 10.0.19044.5247
Microsoft / Windows 10 Version 22H210.0.19045.0 – 10.0.19045.5247
Microsoft / Windows 11 version 22H210.0.22621.0 – 10.0.22621.4602
Microsoft / Windows 11 version 22H310.0.22631.0 – 10.0.22631.4602
Microsoft / Windows 11 version 23H210.0.22631.0 – 10.0.22631.4602
Microsoft / Windows 11 Version 24H210.0.26100.0 – 10.0.26100.2605
Microsoft / Windows Server 2008 R2 Service Pack 16.1.7601.0 – 6.1.7601.27467
Microsoft / Windows Server 2008 R2 Service Pack 1 (Server Core installation)6.1.7601.0 – 6.1.7601.27467
Microsoft / Windows Server 2008 Service Pack 26.0.6003.0 – 6.0.6003.23016
Microsoft / Windows Server 2008 Service Pack 2 (Server Core installation)6.0.6003.0 – 6.0.6003.23016
Microsoft / Windows Server 20126.2.9200.0 – 6.2.9200.25222
Microsoft / Windows Server 2012 R26.3.9600.0 – 6.3.9600.22318
Microsoft / Windows Server 2012 R2 (Server Core installation)6.3.9600.0 – 6.3.9600.22318
Microsoft / Windows Server 2012 (Server Core installation)6.2.9200.0 – 6.2.9200.25222
Microsoft / Windows Server 201610.0.14393.0 – 10.0.14393.7606
Microsoft / Windows Server 2016 (Server Core installation)10.0.14393.0 – 10.0.14393.7606
Microsoft / Windows Server 201910.0.17763.0 – 10.0.17763.6659
Microsoft / Windows Server 2019 (Server Core installation)10.0.17763.0 – 10.0.17763.6659
Microsoft / Windows Server 202210.0.20348.0 – 10.0.20348.2966
Microsoft / Windows Server 2022, 23H2 Edition (Server Core installation)10.0.25398.0 – 10.0.25398.1308
Microsoft / Windows Server 202510.0.26100.0 – 10.0.26100.2605
Microsoft / Windows Server 2025 (Server Core installation)10.0.26100.0 – 10.0.26100.2605

References

VENDOR_ADVISORYhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49112