Research revealed more DoS flaws
SafeBreach researchers also discovered CVE-2025-26673 in DC’s Netlogon service, where crafted RPC calls could crash the service remotely without authentication. By exploiting this weakness, attackers could knock out a critical Windows authentication component, potentially locking users out of domain resources until the system is rebooted. Similarly, CVE-2025-49716 targets Windows Local Security Authority Subsystem Service (LSASS), enabling a remote attacker to send specially formed LDAP queries that destabilize the service, leading to immediate DoS on the affected host.
Rounding out SafeBreach’s list is CVE-2025-49722, a DoS flaw in Windows Print Spooler. This bug can be triggered by sending malformed RPC requests that cause the spooler process to fail, interrupting printing operations and, in some cases, impacting broader system stability.
While Microsoft has fixed the LDAPNightmare (CVE-2024-49113) and CVE-2025-32724 through December 2024 and April 2025 Patch Tuesday releases, respectively, the remaining three of SafeBreach reported flaws remain unaddressed. Microsoft did not immediately respond to CSO’s request for comment. To defend against Win-DDoS and other DoS risks, SafeBreach urges applying Microsoft’s latest patches, limiting DC service exposure, segmenting critical systems, and monitoring for unusual LDAP or RPC traffic to detect attacks early.
