一、漏洞详情
windows lightweight directory access protocol (ldap)是一种基于ldap协议的轻量级目录访问协议,广泛用于windows active directory (ad)环境中,用来访问和管理目录服务信息。
近日,监测到windows lightweight directory access protocol远程代码执行漏洞(cve-2024-49112)。windows ldap服务的wldap32.dll中存在整数溢出问题,攻击者可以通过未认证的特制dce/rpc调用(或通过其他方式)诱使目标服务器(作为ldap客户端)向攻击者控制的恶意ldap服务器发起查询请求,当恶意ldap服务器返回特制的、恶意构造的响应时,可能触发目标服务器中的漏洞,进而导致lsass崩溃,引发系统重启,并可能进一步利用该漏洞导致远程代码执行。
建议受影响用户做好资产自查以及预防工作,以免遭受黑客攻
二、影响范围
windows 10 for x64-based systems
windows 10 for 32-bit systems
windows server 2025
windows 11 version 24h2 for x64-based systems
windows 11 version 24h2 for arm64-based systems
windows server 2022, 23h2 edition (server core installation)
windows 11 version 23h2 for x64-based systems
windows 11 version 23h2 for arm64-based systems
windows server 2025 (server core installation)
windows 10 version 22h2 for 32-bit systems
windows 10 version 22h2 for arm64-based systems
windows 10 version 22h2 for x64-based systems
windows 11 version 22h2 for x64-based systems
windows 11 version 22h2 for arm64-based systems
windows 10 version 21h2 for x64-based systems
windows 10 version 21h2 for arm64-based systems
windows 10 version 21h2 for 32-bit systems
windows server 2022 (server core installation)
windows server 2022
windows server 2019 (server core installation)
windows server 2019
windows 10 version 1809 for x64-based systems
windows 10 version 1809 for 32-bit systems
windows server 2012 r2 (server core installation)
windows server 2012 r2
windows server 2012 (server core installation)
windows server 2012
windows server 2008 r2 for x64-based systems service pack 1 (server core installation)
windows server 2008 r2 for x64-based systems service pack 1
windows server 2008 for x64-based systems service pack 2 (server core installation)
windows server 2008 for x64-based systems service pack 2
windows server 2008 for 32-bit systems service pack 2 (server core installation)
windows server 2008 for 32-bit systems service pack 2
windows server 2016 (server core installation)
windows server 2016
windows 10 version 1607 for x64-based systems
windows 10 version 1607 for 32-bit systems
三、修复建议
目前微软已发布该漏洞的安全更新,受影响的用户可在更新可用时及时修复。
