Analysis revealed extra DoS flaws
SafeBreach researchers additionally found CVE-2025-26673 in DC’s Netlogon service, the place crafted RPC calls may crash the service remotely with out authentication. By exploiting this weak point, attackers may knock out a important Home windows authentication element, probably locking customers out of area assets till the system is rebooted. Equally, CVE-2025-49716 targets Home windows Native Safety Authority Subsystem Service (LSASS), enabling a distant attacker to ship specifically shaped LDAP queries that destabilize the service, resulting in instant DoS on the affected host.
Rounding out SafeBreach’s checklist is CVE-2025-49722, a DoS flaw in Home windows Print Spooler. This bug may be triggered by sending malformed RPC requests that trigger the spooler course of to fail, interrupting printing operations and, in some instances, impacting broader system stability.
Whereas Microsoft has mounted the LDAPNightmare (CVE-2024-49113) and CVE-2025-32724 by December 2024 and April 2025 Patch Tuesday releases, respectively, the remaining three of SafeBreach reported flaws stay unaddressed. Microsoft didn’t instantly reply to CSO’s request for remark. To defend in opposition to Win-DDoS and different DoS dangers, SafeBreach urges making use of Microsoft’s newest patches, limiting DC service publicity, segmenting important techniques, and monitoring for uncommon LDAP or RPC visitors to detect assaults early.
