Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability

MonitorCVSS 5.5CVE-2026-34339May 12, 2026

Microsoft

IT in OT - Windows Server and Active Directory are widely deployed in OT environments

Attack path

Attack VectorLocal

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

A null pointer dereference in Windows LDAP allows an authorized attacker with local access to cause a denial of service by crashing the LDAP service. The vulnerability affects multiple Windows versions including Windows 10, Windows 11, Windows Server 2016, 2019, 2022, and 2025. Microsoft has released fixes in the May 2026 security update.

What this means

What could happen

An attacker with local access to a Windows machine running LDAP services could crash the LDAP process, disrupting directory authentication and potentially blocking user logons and service authentication across your network.

Who's at risk

Windows domain controllers and member servers running LDAP (Active Directory). This affects administrators of Windows 10, Windows 11, Windows Server 2016, 2019, 2022, and 2025 installations that authenticate users or services via LDAP.

How it could be exploited

An attacker with a local user account on a Windows system running LDAP (typically a domain controller or member server) sends a specially crafted LDAP request that triggers a null pointer dereference, causing the LDAP service to crash and stop responding to authentication requests.

Prerequisites

Local user account on the Windows machine
LDAP service running and enabled on the target system (typical on domain controllers and many member servers)

Requires local credentialsLow complexity attackMedium impact to service availabilityAffects authentication infrastructure

Exploitability

Unlikely to be exploited — EPSS score 0.0%

Affected products (27)

27 with fix

ProductAffected VersionsFix Status

Windows 10 Version 1809 for 32-bit SystemsAll versionsBuild 10.0.17763.8755

Windows 10 Version 1809 for x64-based SystemsAll versionsBuild 10.0.17763.8755

Windows Server 2019All versionsBuild 10.0.17763.8755

Windows Server 2019 (Server Core installation)All versionsBuild 10.0.17763.8755

Windows Server 2022All versionsBuild 10.0.20348.5139

Remediation & Mitigation

0/3

Do now

0/1

WORKAROUNDMonitor LDAP service health and availability; configure alerts for unexpected LDAP process crashes or service restarts

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXApply the May 2026 Windows security update to patch the LDAP null pointer dereference for your Windows version (see product fixes for specific build numbers)

Long-term hardening

0/1

HARDENINGRestrict local user account creation and access on domain controllers and servers running LDAP services to authorized administrators only

CVEs (1)

CVE-2026-34339

View full vendor advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/e62a9746-35f8-4465-8c6a-774402b317bd

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.