
Introducing ‘Win-DoS’: A New Zero-Click Vulnerability That Transforms Windows Servers, Endpoints, and Domain Controllers into a DDoS Botnet

At the DEF CON 33 security conference in Las Vegas, researchers Yair and Shahak Morag from SafeBreach Labs introduced a new class of denial-of-service (DoS) attacks known as the “Win-DoS Epidemic.” They revealed four new Windows DoS vulnerabilities and one zero-click distributed denial-of-service (DDoS) flaw, all classified as “uncontrolled resource consumption.” The vulnerabilities include CVE-2025-26673, CVE-2025-32724, and CVE-2025-49716, each with a high severity rating of CVSS 7.5, affecting Windows LDAP, LSASS, and Netlogon respectively. Additionally, CVE-2025-49722, a medium-severity DoS vulnerability in the Windows Print Spooler, requires an authenticated attacker on an adjacent network. The researchers demonstrated that these vulnerabilities could enable attackers to crash any Windows endpoint or server, including critical Domain Controllers (DCs), and potentially weaponise public DCs to form a massive DDoS botnet.

The implications of DoS attacks on Domain Controllers are particularly concerning, as these servers are essential for managing authentication and centralising user and resource management within organisational networks. A successful DoS attack on a DC can incapacitate an entire organisation, preventing users from logging in or accessing necessary resources. The researchers’ findings build upon their earlier discovery of the LdapNightmare vulnerability (CVE-2024-49113), which was the first public DoS exploit targeting a Windows DC. Their latest research significantly broadens the threat landscape by exploiting additional core Windows services. The most alarming aspect of their work is the introduction of a new DDoS technique called Win-DDoS, which manipulates the Windows LDAP client’s referral process. This allows attackers to redirect DCs to a victim server and make them continuously repeat this redirection, effectively creating a vast, untraceable DDoS botnet using public DCs worldwide. 
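As an added example (not from SafeBreach's research or the original post), here is a defender-side check for the behaviour described above: a domain controller that keeps connecting to the same external host. The DC addresses, internal range, threshold, window and flow-log format are all assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed environment values; replace with your own inventory.
DOMAIN_CONTROLLERS = {"10.0.0.10", "10.0.0.11"}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
WINDOW = timedelta(seconds=60)   # assumed sliding window
THRESHOLD = 5                    # assumed connections per window

# Constructed flow records: "<ISO timestamp> <source IP> <destination IP>"
SAMPLE_FLOWS = """\
2025-08-10T12:00:00 10.0.0.10 203.0.113.50
2025-08-10T12:00:02 10.0.0.10 203.0.113.50
2025-08-10T12:00:03 10.0.0.11 198.51.100.7
2025-08-10T12:00:04 10.0.0.10 203.0.113.50
2025-08-10T12:00:05 10.0.5.20 203.0.113.50
2025-08-10T12:00:06 10.0.0.10 203.0.113.50
2025-08-10T12:00:08 10.0.0.10 203.0.113.50
2025-08-10T12:00:09 10.0.0.10 10.0.0.11
2025-08-10T12:02:30 10.0.0.11 198.51.100.7
""".splitlines()

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def find_repeated_outbound(lines, threshold=THRESHOLD, window=WINDOW):
    """Return {(dc_ip, external_ip): peak connections seen within the window}."""
    recent = defaultdict(deque)   # (src, dst) -> timestamps still inside the window
    alerts = {}
    for line in lines:
        if not line.strip():
            continue
        ts_text, src, dst = line.split()
        ts = datetime.fromisoformat(ts_text)
        # Only DC-originated traffic leaving the internal ranges is of interest.
        if src not in DOMAIN_CONTROLLERS or is_internal(dst):
            continue
        q = recent[(src, dst)]
        q.append(ts)
        while ts - q[0] > window:  # drop timestamps that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            alerts[(src, dst)] = max(alerts.get((src, dst), 0), len(q))
    return alerts

if __name__ == "__main__":
    for (dc, dst), peak in find_repeated_outbound(SAMPLE_FLOWS).items():
        print(f"DC {dc} made {peak} connections to {dst} within {WINDOW}")
```
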

Categories: Denial-of-Service Vulnerabilities, Domain Controller Security, Distributed Denial-of-Service Techniques 

Tags: Win-DoS, Denial-of-Service, Vulnerabilities, Windows, DDoS, Domain Controllers, Botnet, LDAP, Resource Consumption, Attack Techniques 
