‘Win-DDoS’: Researchers unveil botnet approach exploiting Windows area controllers

Research revealed extra DoS flaws

SafeBreach researchers additionally found CVE-2025-26673 in DC’s Netlogon service, the place crafted RPC calls may crash the service remotely with out authentication. By exploiting this weak point, attackers may knock out a vital Windows authentication part, probably locking customers out of area sources till the system is rebooted. Similarly, CVE-2025-49716 targets Windows Local Security Authority Subsystem Service (LSASS), enabling a distant attacker to ship specifically shaped LDAP queries that destabilize the service, resulting in speedy DoS on the affected host.

Rounding out SafeBreach’s record is CVE-2025-49722, a DoS flaw in Windows Print Spooler. This bug may be triggered by sending malformed RPC requests that trigger the spooler course of to fail, interrupting printing operations and, in some instances, impacting broader system stability.

While Microsoft has fastened the LDAPNightmare (CVE-2024-49113) and CVE-2025-32724 by means of December 2024 and April 2025 Patch Tuesday releases, respectively, the remaining three of SafeBreach reported flaws stay unaddressed. Microsoft didn’t instantly reply to CSO’s request for remark. To defend towards Win-DDoS and different DoS dangers, SafeBreach urges making use of Microsoft’s newest patches, limiting DC service publicity, segmenting vital programs, and monitoring for uncommon LDAP or RPC site visitors to detect assaults early.