New Vulnerabilities Expose Windows Systems to Potential DDoS Attacks

By Tina Reynolds

In light of recent findings that have exposed significant flaws in all recent versions of Windows systems, … These flaws would allow malicious actors to carry out massive distributed denial-of-service (DDoS) attacks. The vulnerabilities, CVE-2025-26673, CVE-2025-32724, CVE-2025-49716 and CVE-2025-49722, have caused an outcry. They can also consume system resources and cause denial of service across networks.

The first three vulnerabilities had a CVSS score of 7.5, indicating a high severity level. By comparison, CVE-2025-49722 was rated much lower at 5.7. The vulnerabilities impact a number of critical components. They are tied to the underlying Windows Lightweight Directory Access Protocol (LDAP), Local Security Authority Subsystem Service (LSASS), Netlogon, and Print Spooler components. Each vulnerability paves the way for a malicious actor to cause critical services to be disrupted, with consequences that extend to both public and private infrastructure.

These vulnerabilities were patched in a slew of updates from the US Cybersecurity and Infrastructure Security Agency between May and July of 2025. Experts told CyberScoop that the presence of such flaws serves as a reminder that there are very basic failures in enterprise security to begin with.

Details of the Vulnerabilities

CVE-2025-26673 is related to excessive resource consumption in the Windows LDAP service. Specifically, this vulnerability could enable unauthorized, remote attackers to trigger denial of service across the network. It was fixed in May 2025. CVE-2025-32724 follows, also with a CVSS score of 7.5. It affects the LSASS component and enables the same remote denial-of-service capability. This flaw was fixed in June 2025.

CVE-2025-49716 also has a CVSS score of 7.5. It impacts the Windows Netlogon component and allows for remote, unauthenticated denial of service. Its fix wasn’t released until July 2025. Last on the list is CVE-2025-49722, rated at 5.7. It impacts the Print Spooler component and permits authenticated adversaries to disrupt systems on adjacent networks.

Or Yair and Shahak Morag, researchers involved in discovering these vulnerabilities, emphasized the seriousness of the flaws:

“The vulnerabilities we discovered are zero-click, unauthenticated vulnerabilities that allow attackers to crash these systems remotely if they are publicly accessible, and also show how attackers with minimal access to an internal network can trigger the same outcomes against private infrastructure.”

The Risks of Win-DDoS

The researchers introduced a new attack technique, Win-DDoS. It exploits already-observed vulnerabilities to orchestrate a massive worldwide botnet of publicly accessible domain controllers (DCs). The technique lets attackers operate with minimal invasiveness and mount very large DDoS attacks without the major resources typically required.

The implications of this discovery run against the existing consensus on enterprise threat modeling. Historically, organizations assumed that denial-of-service threats affected only external-facing services. They thought that as long as their internal systems were not completely compromised, those systems were safe.

“As a result, we were able to create Win-DDoS, a technique that would enable an attacker to harness the power of tens of thousands of public DCs around the world to create a malicious botnet with vast resources and upload rates. All without purchasing anything and without leaving a traceable footprint.”

Cybersecurity firm SafeBreach has also developed a new tactic, TorpeDoS, released in response to the vulnerabilities and emerging threats that Win-DDoS brought to light. This approach simulates the effect of a DDoS attack with one computer instead of thousands of machines.

This new capability increases concern over the ability of a single machine to cause catastrophic levels of disruption with minimal input.

“Our findings break common assumptions in enterprise threat modeling: that DoS risks only apply to public services, and that internal systems are safe from abuse unless fully compromised. The implications for enterprise resilience, risk modeling, and defense strategies are significant.”

The Role of TorpeDoS

In light of these vulnerabilities and the emerging threats posed by Win-DDoS, another technique known as TorpeDoS has been introduced by cybersecurity firm SafeBreach. This method creates the impact of a DDoS attack using a single computer rather than a multitude of devices.

SafeBreach elaborated on this technique:

“It doesn’t use many different computers worldwide to create a DDoS; it just improves the efficiency of RPC-call-rate by so much that the impact of a single computer implementing TorpeDoS is equivalent to the impact of a DDoS attack made by tens of thousands of computers.”

This capability raises further alarms about the potential for individual machines to cause significant disruption without extensive resources.