Security pros baited with fake Windows LDAP exploit traps


Security researchers are once again being lured into traps by attackers, this time with fake exploits of serious Microsoft security flaws.

Trend Micro spotted what appears to be a fork of the legitimate proof-of-concept (PoC) exploit for LDAPNightmare, initially published by SafeBreach Labs on January 1. But the "forked" exploit PoC actually leads to the download and execution of information-stealing malware.

LDAPNightmare is the name of the PoC for CVE-2024-49113, a 7.5-severity denial-of-service bug in LDAP patched in Microsoft's December Patch Tuesday.

It was one of two LDAP bugs – the other being the critical CVE-2024-49112 – addressed in Microsoft's final updates of 2024. Trend Micro researcher Sarah Pearl Camiling said that "both vulnerabilities were deemed as highly significant due to the widespread use of LDAP in Windows environments," and thus of keen interest to defenders.

In the counterfeit PoC, the legitimate version's Python files were replaced with ...


Copyright of this story solely belongs to theregister.co.uk.