CVE-2024-49127: 
vulnerability analysis and mitigation

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability (CVE-2024-49127) was disclosed on December 11, 2024. This vulnerability affects multiple versions of Microsoft Windows operating systems, including Windows 10, Windows 11, and various Windows Server editions (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 8.1 (HIGH) with the following vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. The vulnerability is associated with two Common Weakness Enumerations (CWE): CWE-362 (Concurrent Execution using Shared Resource with Improper Synchronization - 'Race Condition') and CWE-416 (Use After Free) (NVD).

This vulnerability allows for remote code execution, potentially enabling attackers to gain high levels of access to affected systems, with potential impacts on confidentiality, integrity, and availability of the system (Rapid7).

Microsoft has released security updates to address this vulnerability across multiple affected versions. Updates are available through various KB articles including KB5048652, KB5048653, KB5048654, KB5048661, KB5048667, KB5048671, KB5048685, KB5048699, KB5048703, and KB5048735 (Rapid7).