Windows domain controller remote crash DoS (multiple vulnerabilities)

Vulnerability
Happening score: 8
1 unique source, 1 article

Summary

Windows domain controllers are exposed to four denial-of-service CVEs that can trigger remote crashes through LDAP, LSASS, Netlogon, and Print Spooler Components. The flaws include CVE-2025-26673, CVE-2025-32724, CVE-2025-49716, and CVE-2025-49722, with fixes released between May and July 2025. The disclosure matters because the vulnerabilities are described as zero-click or low-access crash paths that can disrupt domain services without code execution.

Related Happenings

Microsoft SharePoint ToolShell (CVE-2025-53770) widespread exploitation

Exploitation Wave
First: 22.10.2025 13:24 Last: 22.10.2025 13:24 Sources 1

About this happening: **CVE-2025-53770** exploitation against **Microsoft SharePoint on-premise servers** expanded into a **multi-region wave** affecting government, university, telecom, and finance ta...

Latest development: 22.10.2025 15:56

After the **July 2025 patch**, China-linked actors began abusing **ToolShell / CVE-2025-53770** against **Microsoft SharePoint** servers, starting with a **telecommunications company in the Middle East** and then broader regional targets.

Timeline

  1. 10.08.2025 22:30 · 1 article

    SafeBreach discloses Win-DDoS and four Windows DoS CVEs

    Initial Disclosure

    SafeBreach researchers Or Yair and Shahak Morag disclosed Win-DDoS at DEF CON 33, describing how Windows LDAP referral handling can be abused to turn public domain controllers into a malicious DDoS botnet and to direct LDAP traffic at a chosen victim server. The same research identified four denial-of-service flaws in Windows Lightweight Directory Access Protocol (LDAP), Windows Local Security Authority Subsystem Service (LSASS), Windows Netlogon, and Windows Print Spooler Components, including CVE-2025-26673, CVE-2025-32724, CVE-2025-49716, and CVE-2025-49722, with fixes released from May 2025 through July 2025.