‘Wormable’ Windows LDAP Vulnerability Allow Attackers Arbitrary Code Remotely
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
A critical security vulnerability has been identified in Windows’ Lightweight Directory Access Protocol (LDAP) implementation, allowing attackers to execute arbitrary code remotely.
This “wormable” vulnerability, designated as CVE-2025-21376, was disclosed on February 11, 2025, by Microsoft.
The vulnerability is classified as a Remote Code Execution (RCE) issue, which can be exploited without requiring any user interaction or privileges.
The vulnerability involves multiple weaknesses, including a race condition (CWE-362), an integer underflow (CWE-191), and a heap-based buffer overflow (CWE-122).
An attacker can exploit this vulnerability by sending a specially crafted request to a vulnerable LDAP server.
Successful exploitation could result in a buffer overflow, which could be leveraged to achieve remote code execution.
The Common Vulnerability Scoring System (CVSS) assigns a base score of 8.1 and a temporal score of 7.1 to this vulnerability.
While the Microsoft experts noted that the attack vector is network-based (AV:N), with high attack complexity (AC:H), no privileges required (PR:N), and no user interaction needed (UI:N).
The scope is unchanged (S:U), with high impact on confidentiality, integrity, and availability (C:H, I:H, A:H).
Exploitability and Impact
Although there is no public exploit code available yet, the exploitability assessment indicates that exploitation is more likely. The vulnerability is not publicly disclosed or exploited at this time.
However, the potential for exploitation is significant due to its wormable nature, which means it could spread rapidly across networks without user intervention.
To mitigate this vulnerability, users are advised to apply the latest security updates from Microsoft.
As of the February 2025 Patch Tuesday, updates are available for affected systems, including Windows Server 2019 and Windows 10 Version 1809.
Users should prioritize applying the latest security patches to prevent exploitation of this vulnerability. So, staying informed about the latest vulnerabilities and updates is crucial for maintaining robust cybersecurity defenses.
#Cyber_Security_News #Vulnerability #cyber_security_news #vulnerability
Оригинальная версия на сайте:
‘Wormable’ Windows LDAP Vulnerability Allow Attackers Arbitrary Code Remotely
Author: Tushar Subhra DuttaA critical security vulnerability has been identified in Windows’ Lightweight Directory Access Protocol (LDAP) implementation, allowing attackers to execute arbitrary code remotely.
This “wormable” vulnerability, designated as CVE-2025-21376, was disclosed on February 11, 2025, by Microsoft.
The vulnerability is classified as a Remote Code Execution (RCE) issue, which can be exploited without requiring any user interaction or privileges.
The vulnerability involves multiple weaknesses, including a race condition (CWE-362), an integer underflow (CWE-191), and a heap-based buffer overflow (CWE-122).
An attacker can exploit this vulnerability by sending a specially crafted request to a vulnerable LDAP server.
Successful exploitation could result in a buffer overflow, which could be leveraged to achieve remote code execution.
The Common Vulnerability Scoring System (CVSS) assigns a base score of 8.1 and a temporal score of 7.1 to this vulnerability.
While the Microsoft experts noted that the attack vector is network-based (AV:N), with high attack complexity (AC:H), no privileges required (PR:N), and no user interaction needed (UI:N).
The scope is unchanged (S:U), with high impact on confidentiality, integrity, and availability (C:H, I:H, A:H).
Exploitability and Impact
Although there is no public exploit code available yet, the exploitability assessment indicates that exploitation is more likely. The vulnerability is not publicly disclosed or exploited at this time.
However, the potential for exploitation is significant due to its wormable nature, which means it could spread rapidly across networks without user intervention.
To mitigate this vulnerability, users are advised to apply the latest security updates from Microsoft.
As of the February 2025 Patch Tuesday, updates are available for affected systems, including Windows Server 2019 and Windows 10 Version 1809.
Users should prioritize applying the latest security patches to prevent exploitation of this vulnerability. So, staying informed about the latest vulnerabilities and updates is crucial for maintaining robust cybersecurity defenses.
#Cyber_Security_News #Vulnerability #cyber_security_news #vulnerability
Оригинальная версия на сайте:
