NOTLogon vulnerability
Microsoft also issued a patch for CVE-2025-47978, a denial-of-service (DoS) vulnerability in Microsoft’s Netlogon protocol, a core component of all Windows domain controllers. The hole has been dubbed NOTLogon by Dor Segal, senior security researcher at Silverfort, who discovered it. The vulnerability allows any domain-joined machine with minimal privileges to send a specially crafted authentication request that will crash a domain controller and cause a full reboot. It has a CVSS score of 6.5.
“Even low-privilege machines with basic network access can pose major risks if left unchecked,” Segal said in a blog. “This vulnerability shows how only a valid machine account and a crafted RPC message can bring down a domain controller — the backbone of Active Directory operations like authentication, authorization, policy enforcement, and more. If multiple domain controllers are affected, it can bring business to a halt. NOTLogon is a reminder that new protocol features — especially in privileged authentication services — can become attack surfaces overnight. Staying secure isn’t only about applying patches — it’s about examining the foundational systems we rely on every day.”
Finally, Tenable’s Satnam Narang, senior staff research engineer, said CSOs should be paying attention to fixing the recently revealed Citrix NetScaler vulnerabilities, specifically CVE-2025-5777, also known as CitrixBleed 2. “It is strikingly similar to the original CitrixBleed,” he said to CSO in an email, “where attackers are able to steal session tokens from NetScaler systems and use them to gain access to networks, even if patches have been applied. There are reports that exploitation of CitrixBleed 2 goes back to mid-June, so organizations that utilize NetScaler should be reviewing logs for rapid a succession of suspicious requests and known indicators of compromise, and most importantly, invalidate session tokens to prevent follow-on activity.”
