What’s new: Researchers have disclosed a technique, termed Win-DDoS, that turns publicly reachable Windows domain controllers (DCs) into a DDoS botnet. It abuses flaws in the Windows LDAP client code: by manipulating the LDAP referral process, an attacker makes the DCs themselves flood a victim server with traffic, without running any code on the DCs and without any credentials. The vulnerabilities disclosed with the research are CVE-2025-26673, CVE-2025-32724, CVE-2025-49716, and CVE-2025-49722, all of which Microsoft fixed in updates released between May and July 2025.
Who’s affected
Organizations whose Windows domain controllers are reachable from the internet are exposed to the botnet vector: an unauthenticated attacker can recruit those DCs to overwhelm a target. Because the underlying bugs need no credentials, they also enable denial-of-service conditions inside a private network, so both public-facing and internal infrastructure are affected.
What to do
- Apply the Microsoft security updates that address CVE-2025-26673, CVE-2025-32724, CVE-2025-49716, and CVE-2025-49722 (the May through July 2025 releases) to every domain controller and Windows server, and verify the install rather than assuming it.
- Remove domain controllers from internet exposure; no DC service, LDAP in particular, should be reachable from untrusted networks. Where a DC must be reachable, restrict it at the firewall to known peers.
- Monitor for the attack’s footprint, namely DCs originating unusual volumes of traffic toward external hosts, and keep DDoS detection and mitigation in place for the services an attacker could target.
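The third recommendation can be turned into a concrete check. The script below is an added example written for this advisory; it is not code from the researchers or from Microsoft. It reads Windows Firewall logging (the W3C-style pfirewall.log format) and alerts when a domain controller opens many outbound LDAP connections to an address outside the ranges where its forest lives, which is what a DC chasing attacker-supplied referrals would look like from the DC’s own firewall. The DC addresses, the internal ranges, the ports, the thresholds and the log lines are all assumptions constructed for the example; tune them to your environment.

```python
"""Flag domain controllers that open many outbound LDAP connections to external hosts.

Added example for this advisory (not the researchers' or Microsoft's code).
Assumptions: DC inventory, internal ranges, LDAP ports, thresholds and the
sample log below are all constructed for illustration.
"""
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed inventory of the domain controllers being monitored.
DC_ADDRESSES = {"10.0.0.5", "10.0.0.6"}
# Assumed: networks where legitimate LDAP peers (other DCs, trusted forests) live.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("172.16.0.0/12"),
                 ipaddress.ip_network("192.168.0.0/16")]
# Assumed: referrals are chased over plain or TLS LDAP.
LDAP_PORTS = {389, 636}
# Assumed alert threshold: this many outbound LDAP connections from one DC
# to one external host inside the window.
THRESHOLD = 5
WINDOW_SECONDS = 60

# Constructed sample in pfirewall.log format (not captured traffic).
SAMPLE_LOG = """#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2025-08-12 10:00:00 ALLOW TCP 10.0.0.5 10.0.0.20 50001 389 0 - 0 0 0 - - - SEND
2025-08-12 10:00:01 ALLOW TCP 10.0.0.5 203.0.113.10 50002 389 0 - 0 0 0 - - - SEND
2025-08-12 10:00:02 ALLOW TCP 10.0.0.5 203.0.113.10 50003 389 0 - 0 0 0 - - - SEND
2025-08-12 10:00:03 ALLOW TCP 10.0.0.5 203.0.113.10 50004 389 0 - 0 0 0 - - - SEND
2025-08-12 10:00:04 ALLOW TCP 10.0.0.5 203.0.113.10 50005 389 0 - 0 0 0 - - - SEND
2025-08-12 10:00:05 ALLOW TCP 10.0.0.6 198.51.100.7 50010 389 0 - 0 0 0 - - - SEND
2025-08-12 10:00:06 ALLOW TCP 10.0.0.5 203.0.113.10 50006 389 0 - 0 0 0 - - - SEND
2025-08-12 10:00:07 ALLOW TCP 203.0.113.10 10.0.0.5 389 50006 0 - 0 0 0 - - - RECEIVE
2025-08-12 10:00:08 ALLOW TCP 10.0.0.5 203.0.113.10 50007 445 0 - 0 0 0 - - - SEND
2025-08-12 10:00:09 ALLOW TCP 10.0.0.6 198.51.100.7 50011 389 0 - 0 0 0 - - - SEND
"""


def parse_pfirewall(text):
    """Yield one dict per record, keyed by the names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#"):
            continue
        if fields is None:
            raise ValueError("record appears before the #Fields header")
        values = line.split()
        if len(values) != len(fields):
            continue  # skip a malformed line instead of aborting the scan
        yield dict(zip(fields, values))


def is_internal(ip):
    """True if the address falls inside one of the trusted internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def find_referral_floods(log_text, threshold=THRESHOLD, window_seconds=WINDOW_SECONDS):
    """Return one alert per (DC, external host) pair that crosses the threshold.

    Only DC-originated (path SEND) TCP connections to an LDAP port on a
    non-internal address are counted; each such log line is one connection.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # (dc, dst) -> timestamps still inside the window
    alerted = set()
    alerts = []
    for rec in parse_pfirewall(log_text):
        if rec["path"] != "SEND" or rec["protocol"] != "TCP":
            continue
        if rec["src-ip"] not in DC_ADDRESSES:
            continue
        if int(rec["dst-port"]) not in LDAP_PORTS:
            continue
        if is_internal(rec["dst-ip"]):
            continue  # normal replication / trust traffic
        ts = datetime.strptime(f"{rec['date']} {rec['time']}", "%Y-%m-%d %H:%M:%S")
        key = (rec["src-ip"], rec["dst-ip"])
        q = recent[key]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # drop connections older than the window
        if len(q) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"dc": key[0], "target": key[1], "connections": len(q),
                           "first": q[0], "last": ts})
    return alerts


if __name__ == "__main__":
    for a in find_referral_floods(SAMPLE_LOG):
        print(f"{a['dc']} opened {a['connections']} LDAP connections to "
              f"{a['target']} between {a['first']:%H:%M:%S} and {a['last']:%H:%M:%S}")
```

With the sample above the only alert is 10.0.0.5 reaching 203.0.113.10 five times inside a minute; the connection to an internal DC, the inbound RECEIVE line, the port 445 connection and the two connections from 10.0.0.6 are all ignored or stay under the threshold. Windows Firewall does not log allowed connections by default, so on the DCs enable it first (for example `Set-NetFirewallProfile -All -LogAllowed True` in PowerShell) and point the script at the resulting pfirewall.log. A DC normally talks LDAP only to other DCs and to trusted forests, so the internal allowlist should be exact; anything it leaves out will show up as false positives, and anything it wrongly includes will hide a recruited DC.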