Critical RCE vulnerability affecting the Windows LDAP Client with a CVSS score of 9.8. This vulnerability could allow an unprivileged attacker to run arbitrary code on an Internet-exposed Active Directory Server by sending a specialized set of LDAP calls to the server.
Microsoft recommends that all Active Directory servers be configured to not accept Remote Procedure Calls (RPCs) from untrusted networks in addition to patching this vulnerability.
What actions do customers need to perform to be protected against this vulnerability?
This vulnerability affects both LDAP clients and servers running an affected version of Windows listed in the Security Updates table. Customers must apply the latest security update for their Windows version to be protected against this vulnerability.
Is there any action a customer can take if they are unable to apply the update?
Ensure that domain controllers are configured either to not access the internet or to not allow inbound RPC from untrusted networks. While either mitigation will protect your system from this vulnerability, applying both configurations provides an effective defense-in-depth against this vulnerability.
RPC and LDAP are published externally through SSL. What does this mitigation mean in the context of external network connectivity?
Applying the mitigations will decrease the risk of an attacker successfully convincing or tricking a victim into connecting to a malicious server. If a connection is made, the attacker could send malicious requests to the target over SSL.
How could an attacker exploit this vulnerability?
A remote unauthenticated attacker who successfully exploited this vulnerability would gain the ability to execute arbitrary code within the context of the LDAP service. However successful exploitation is dependent upon what component is targeted:
In the context of exploiting a domain controller for an LDAP server, to be successful an attacker must send specially crafted RPC calls to the target to trigger a lookup of the attacker’s domain to be performed to be successful.
In the context of exploiting an LDAP client application, to be successful an attacker must convince or trick the victim into performing a domain controller lookup for the attacker’s domain or into connecting to a malicious LDAP server. However, unauthenticated RPC calls would not succeed.
Could an attacker leverage inbound RPC tunnels connected to Windows 11 to successfully exploit this vulnerability?
Yes, an attacker could use an RPC connection to a domain controller to trigger domain controller lookup operations against the attacker’s domain.
The Legal sector has deep access to crucial information spanning both the public and private sectors. Over the years, cybercriminals have refined techniques to target these firms, resulting in severe ransomware attacks, public data breaches, and significant reputational harm. Highly valuable information, such as financial data, merger and acquisition details, investment strategies, and healthcare records, remains a lucrative commodity for criminals trading on dark web marketplaces.
Law firms need advanced cybersecurity expertise to identify, prevent, and mitigate cyber threats before they can disrupt operations. Partnering with a cybersecurity provider that comprehends the unique complexities of your business is essential. At Blackswan Cybersecurity, Managed Detection and Response is our core offering, powered by our Texas-based 24/7 Cyber Fusion Center. Blackswan has a proven track record of safeguarding our clients against ransomware groups and state-sponsored cyberattacks. Read more.
Eighth Annual List Reveals Leading MSSP, MDR, and MSP Security Companies from Around the World
DALLAS, TX – November 21, 2024 – Blackswan Cybersecurity ranks among the global Top 250 MSSPs (https://www.msspalert.com/top-250) for 2024, according to MSSP Alert, a CyberRisk Alliance resource.
The Top 250 MSSPs for 2024 honorees were announced on October 15 at MSSP Alert Live.
Blackswan Cybersecurity was ranked among the Top 250 MSSPs for 2024.
“We are incredibly honored to be recognized by MSSP Alert as one of the top managed security service providers globally,” said Dr. Mike Saylor, CEO, Blackswan Cybersecurity. “This achievement highlights our team’s dedication to going above and beyond. By providing accessible, enterprise-grade protection right-sized for each organization’s business needs and risk, our clients have 24/7 assurance in this rapidly changing threat landscape.”
“MSSP Alert and CyberRisk Alliance congratulate Blackswan Cybersecurity on this honor,” said Jessica C. Davis, editorial director of MSSP Alert, a CyberRisk Alliance resource. “The Top 250 MSSPs are an elite group of cybersecurity service providers, and they continue to outperform the overall cybersecurity services market. Members of this list are the best of the best.”
MSSP Alert’s Top 250 MSSPs list and research report are overseen by Jessica C. Davis, editorial director, MSSP Alert, and ChannelE2E.
“This recognition is a testament to the hard work and relentless dedication of our entire team,” said Chris Roach, COO, Blackswan Cybersecurity. “As we continue to expand our service offerings and enhance our Cyber Fusion Center capabilities, our focus remains on delivering proactive and resilient cybersecurity strategies for our clients. Being named among the top MSSPs validates our approach to comprehensive managed security services—offering highly customizable security solutions with a white glove delivery. From 24/7 threat monitoring to rapid incident response solutions, Blackswan is committed to setting new standards in cybersecurity excellence, ensuring our clients are always one step ahead of potential threats.”
About Blackswan Cybersecurity
Blackswan Cybersecurity is a leader in fit-for-purpose cybersecurity solutions. Blackswan helps companies identify the right safeguards for protecting their data assets and outperforming cybersecurity compliance requirements by offering customizable, comprehensive suite of skills, capabilities, and services. These services range from comprehensive 24/7/365 managed security services (SOC-as-a-service), assessment-level gap analysis, vulnerability identification and remediation, incident and breach response, user awareness training, GRC assessments and analysis, and virtual CISO services. Powered by Blackswan’s Fusion Center, Blackswan Cybersecurity provides around-the-clock access to cyber professionals and ‘eyes-on-glass’ threat monitoring, detection, and remediation services from their North Texas-based Cyber Fusion Center (SOC evolved). Blackswan Cybersecurity strives to democratize enterprise-level security services, offering the same level of skills, capabilities, and protection against data breaches for organizations of all sizes.
