‘Win-DDoS’: Researchers unveil botnet technique exploiting Windows domain controllers

Research Revealed More DoS Flaws

In a recent analysis, SafeBreach researchers have unveiled several vulnerabilities that could significantly impact the stability of Windows environments. Among these is CVE-2025-26673, identified within the Netlogon service. This particular flaw allows crafted Remote Procedure Call (RPC) requests to crash the service remotely, all without the need for authentication. Such an exploit could incapacitate a vital Windows authentication component, potentially locking users out of essential domain resources until a system reboot is performed.

Another critical vulnerability, CVE-2025-49716, targets the Windows Local Security Authority Subsystem Service (LSASS). This flaw enables remote attackers to send specially crafted Lightweight Directory Access Protocol (LDAP) queries, destabilizing the service and resulting in an immediate denial of service (DoS) on the affected host.

SafeBreach’s findings also include CVE-2025-49722, a DoS vulnerability affecting the Windows Print Spooler. This issue can be triggered by sending malformed RPC requests, which may lead to the failure of the spooler process, disrupting printing operations and potentially affecting overall system stability.

While Microsoft has addressed some related vulnerabilities, including LDAPNightmare (CVE-2024-49113) and CVE-2025-32724, in its December 2024 and April 2025 Patch Tuesday releases respectively, the three vulnerabilities identified by SafeBreach remain unresolved. Microsoft has yet to respond to inquiries regarding these issues.

To mitigate the risks associated with Win-DDoS and other denial-of-service threats, SafeBreach recommends that organizations apply the latest Microsoft patches, limit exposure of Domain Controller services, segment critical systems, and actively monitor for unusual LDAP or RPC traffic to facilitate early detection of potential attacks.
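The monitoring recommendation above can be turned into a concrete check. The following script is an added example, not code from the article or from SafeBreach: it parses constructed firewall-style connection logs and flags any source that opens an unusually high number of LDAP, LDAPS, Global Catalog or RPC endpoint-mapper connections to a domain controller within a short sliding window. The DC addresses, port list, window length and threshold are assumptions chosen for the example and would be replaced with an organisation's own baseline.

```python
"""Rate-based detector for bursts of LDAP/RPC connections to domain controllers.

Added example (not from the article or SafeBreach). It flags sources whose
connection rate to a DC's LDAP/RPC ports within a sliding window exceeds a
baseline threshold. All log lines below are constructed.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical DC addresses, watched ports and tuning values (assumptions).
DC_ADDRS = {"10.0.0.5", "10.0.0.6"}
WATCHED_PORTS = {135: "rpc-epm", 389: "ldap", 636: "ldaps", 3268: "gc"}
WINDOW = timedelta(seconds=10)
THRESHOLD = 20  # connections per source, per DC, per port, per window


def parse_line(line):
    """Parse one constructed log line of the form
    '<iso-timestamp> <src>:<sport> -> <dst>:<dport> <proto>'."""
    ts_s, src, _arrow, dst, proto = line.split()
    src_ip, _sport = src.rsplit(":", 1)
    dst_ip, dport = dst.rsplit(":", 1)
    return datetime.fromisoformat(ts_s), src_ip, dst_ip, int(dport), proto


def detect(lines, threshold=THRESHOLD, window=WINDOW):
    """Return one alert per (source, DC, port) whose connection count inside
    the sliding window first exceeds the threshold."""
    events = sorted(parse_line(line) for line in lines)  # chronological order
    recent = defaultdict(deque)  # key -> timestamps inside the window
    alerts, alerted = [], set()
    for ts, src, dst, dport, _proto in events:
        if dst not in DC_ADDRS or dport not in WATCHED_PORTS:
            continue  # only DC-bound traffic on the watched services matters
        key = (src, dst, dport)
        window_q = recent[key]
        window_q.append(ts)
        while ts - window_q[0] > window:  # drop timestamps that aged out
            window_q.popleft()
        if len(window_q) > threshold and key not in alerted:
            alerted.add(key)
            alerts.append({
                "src": src,
                "dc": dst,
                "service": WATCHED_PORTS[dport],
                "count": len(window_q),
                "at": ts.isoformat(),
            })
    return alerts


def build_sample_log():
    """Constructed sample: a benign host talking to the DC at a low rate, and a
    second host bursting LDAP connections at the same DC."""
    base = datetime(2025, 8, 10, 12, 0, 0)
    lines = []
    # Benign background: one LDAP and one RPC connection every 3 seconds.
    for i in range(10):
        t = (base + timedelta(seconds=3 * i)).isoformat()
        lines.append(f"{t} 10.1.1.30:{50000 + i} -> 10.0.0.5:389 tcp")
        lines.append(f"{t} 10.1.1.30:{51000 + i} -> 10.0.0.5:135 tcp")
    # Burst: 30 LDAP connections in about 6 seconds from one source.
    for i in range(30):
        t = (base + timedelta(milliseconds=200 * i)).isoformat(timespec="milliseconds")
        lines.append(f"{t} 10.1.1.20:{52000 + i} -> 10.0.0.5:389 tcp")
    return lines


if __name__ == "__main__":
    for alert in detect(build_sample_log()):
        print(alert)
```

A rate check like this surfaces floods and scanning behaviour against DC services; it does not, on its own, catch a single crafted request that crashes a service, so in practice it belongs alongside alerting on Netlogon, LSASS or Print Spooler crash and restart events on the DCs themselves.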

Winsage