Rapid Response Status Page
All Systems Operational
Rapid Response: Operational
91.7% uptime over the past 90 days
Past Incidents
Jan 14, 2025

No incidents reported today.

Jan 13, 2025

No incidents reported.

Jan 12, 2025

No incidents reported.

Jan 11, 2025

No incidents reported.

Jan 10, 2025

No incidents reported.

Jan 9, 2025

No incidents reported.

Jan 8, 2025

No incidents reported.

Jan 7, 2025

No incidents reported.

Jan 6, 2025

No incidents reported.

Jan 5, 2025

No incidents reported.

Jan 4, 2025

No incidents reported.

Jan 3, 2025

No incidents reported.

Jan 2, 2025
Resolved - Dear Customers,

Following our recent update regarding the LDAPNightmare vulnerability (CVE-2024-49112), we would like to inform you that the recently released Proof-of-Concept (PoC) is not related to CVE-2024-49112. This significantly reduces the likelihood of an RCE PoC being released.

In the meantime, we have published two new hunting queries for identifying outgoing LDAP queries to external IP addresses and incoming RPC traffic towards domain controllers from external IP addresses, both of which have been observed as possible exploitation activity of CVE-2024-49112.

These queries are available on Axon's GitHub:
- Outgoing LDAP queries to external IPs:
  https://github.com/axon-git/rapid-response/blob/main/CVE-2024-49112/ldap_queries_to_external_ip.sql
- Incoming RPC traffic to domain controllers from external IPs:
  https://github.com/axon-git/rapid-response/blob/main/CVE-2024-49112/external_rpc_to_dc.sql

Axon reports have also been published for Team Axon customers, including the updated list of deliverables.

We continue to monitor CVE-2024-49112 and will provide further updates as necessary. Should you have any questions regarding the queries or any other concerns, please don't hesitate to reach out.

Sincerely,
Team Axon

Jan 2, 15:28 UTC
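
The two hunts described in the update above, sketched as an added example over constructed flow records. This is not the published Axon SQL; the internal ranges, domain controller address, port sets and field names are assumptions.

```python
import ipaddress

# Assumptions for this example: internal ranges, DC address, port sets, field names.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128")]
LDAP_PORTS = {389, 636, 3268, 3269}   # LDAP, LDAPS, Global Catalog (plain and TLS)
RPC_EPM_PORT = 135                    # RPC endpoint mapper only; dynamic RPC ports not covered
DOMAIN_CONTROLLERS = {"10.0.0.10"}    # constructed DC address


def is_external(ip):
    """True when the address is outside every range listed as internal."""
    addr = ipaddress.ip_address(ip)   # raises ValueError on malformed input
    return not any(addr in net for net in INTERNAL_NETS)


def hunt(flows, dcs=DOMAIN_CONTROLLERS):
    """Return (rule, src_ip, dst_ip) for each flow matching either hunt."""
    findings = []
    for f in flows:
        try:
            src_ext, dst_ext = is_external(f["src_ip"]), is_external(f["dst_ip"])
        except ValueError:
            continue  # skip records whose addresses do not parse
        # Hunt 1: internal host sending LDAP to an external address.
        if not src_ext and dst_ext and f["dst_port"] in LDAP_PORTS:
            findings.append(("outgoing_ldap_to_external", f["src_ip"], f["dst_ip"]))
        # Hunt 2: external address reaching RPC on a domain controller.
        if src_ext and f["dst_ip"] in dcs and f["dst_port"] == RPC_EPM_PORT:
            findings.append(("external_rpc_to_dc", f["src_ip"], f["dst_ip"]))
    return findings


# Constructed flow records; documentation-range addresses stand in for external hosts.
SAMPLE_FLOWS = [
    {"src_ip": "10.0.0.10", "dst_ip": "203.0.113.7", "dst_port": 389},   # DC -> external LDAP
    {"src_ip": "10.0.5.22", "dst_ip": "10.0.0.10", "dst_port": 389},     # internal LDAP
    {"src_ip": "198.51.100.9", "dst_ip": "10.0.0.10", "dst_port": 135},  # external -> DC RPC
    {"src_ip": "10.0.5.22", "dst_ip": "10.0.0.10", "dst_port": 135},     # internal RPC
    {"src_ip": "198.51.100.9", "dst_ip": "10.0.5.22", "dst_port": 135},  # external -> non-DC
    {"src_ip": "not-an-ip", "dst_ip": "10.0.0.10", "dst_port": 135},     # malformed record
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE_FLOWS):
        print(finding)
```
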
Investigating - Team AXON is monitoring the critical vulnerability affecting LDAP clients on Windows Domain Controllers.
This flaw, identified as CVE-2024-49112, was published by Microsoft on December 10, 2024, with a CVSS severity score of 9.8 out of 10. Although Microsoft has disclosed the vulnerability, no public exploit or detailed blog post explaining the exploitation path was released initially.

We have recently observed the publication of a Proof-of-Concept related to this vulnerability. It is important to note that the PoC is not yet fully developed and currently results in a denial-of-service (DoS) rather than remote code execution (RCE), which drastically reduces the impact of exploitation.

According to Microsoft, this vulnerability affects both LDAP clients and servers running impacted versions. To mitigate potential risks, we recommend:
- Applying the latest security updates for Windows immediately to ensure protection.
- If patching is not possible, restricting access by:
  - Blocking inbound RPC from untrusted networks to Domain Controllers.
  - Preventing external access to LDAP services.

Our team will provide updates after analyzing and assessing the vulnerability in depth, including potential deliverables. If impacted customers are identified, they will be notified directly.

For further assistance, please don't hesitate to contact us.

Sincerely,
Team Axon

Jan 2, 10:12 UTC
Resolved - Dear customers,

Following our latest update, we continued with the threat-focused research and hunting efforts, further evaluating the threat and looking for potential hits in your organizational infrastructures.

AXON reports have been published for AXON customers, including:

- New Indicators of compromise
- Relevant hits that require your attention (both full list and summarized view)
- Link to a GitHub repository with a list of all relevant IOCs and threat hunting queries

Please feel free to reach out in case of any follow-up questions.

Sincerely,
Team AXON.

Jan 2, 15:10 UTC
Identified - Dear Customers,

Team AXON is continuing to investigate the Cyberhaven incident and has identified additional malicious Chrome extensions. An updated AXON report outlining the new findings will be uploaded as soon as we conclude the investigation. If any new hits are identified in your environment, you'll be notified in the updated AXON report.

Please feel free to reach out in case of any follow-up questions.

Sincerely,
Team AXON.

Jan 1, 10:14 UTC
Jan 1, 2025
Dec 31, 2024

No incidents reported.