New ‘Win-DoS’ Zero-Click Vulnerabilities Transform Windows Servers, Endpoints, and Domain Controllers into DDoS Botnets
At the DEF CON 33 security conference in Las Vegas, researchers Yair and Shahak Morag from SafeBreach Labs introduced a new class of denial-of-service (DoS) attacks known as the “Win-DoS Epidemic.” They revealed four new Windows DoS vulnerabilities and one zero-click distributed denial-of-service (DDoS) flaw, all classified as “uncontrolled resource consumption.” The vulnerabilities include CVE-2025-26673, CVE-2025-32724, and CVE-2025-49716, each with a high severity rating of CVSS 7.5, affecting Windows LDAP, LSASS, and Netlogon respectively. Additionally, CVE-2025-49722, a medium-severity vulnerability in the Windows Print Spooler, requires an authenticated attacker on an adjacent network. The researchers demonstrated that these flaws could enable attackers to crash any Windows endpoint or server, including critical Domain Controllers (DCs), and potentially weaponise public DCs to form a massive DDoS botnet.
The implications of DoS attacks on Domain Controllers are particularly concerning, as these servers are essential for managing authentication and centralising user resources within organisational networks. A successful DoS attack on a DC can incapacitate an entire organisation, preventing users from logging in or accessing necessary resources. The researchers’ findings build upon their earlier discovery of the LdapNightmare vulnerability, which was the first public DoS exploit targeting a Windows DC. Their new research significantly broadens the threat landscape by exploiting additional core Windows services. The most alarming aspect of their findings is the novel DDoS technique, termed Win-DDoS, which manipulates the Windows LDAP client’s referral process. This manipulation allows attackers to redirect DCs to a victim server, creating a powerful and untraceable DDoS botnet using public DCs worldwide, all without requiring special infrastructure or leaving a forensic trail.