FAQ-CVSS-AC:H-Invest Time
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data.
Windows Netlogon Denial of Service Vulnerability
Uncontrolled resource consumption in Windows Netlogon allows an unauthorized attacker to deny service over a network.
FAQ
What actions do I need to take to be protected from this vulnerability? To mitigate this vulnerability, a code change was made in the July 2025 Windows Security Updates for all other Server platforms from Windows Server 2008 SP2 to Windows Server 2022, inclusive. After this change, some file and print service software can be affected, including Samba. Samba has released an update to accommodate this change. See Samba 4.22.3 - Release Notes for more information. To accommodate scenarios where affected third party software cannot be updated, we released additional configuration capability in the August 2025 Windows Security Update. For more information about the releases and the new modes visit: https://support.microsoft.com/en-us/topic/kb5066014-netlogon-rpc-hardening-cve-2025-49716-38a0bc06-507c-47d4-be0f-ca1acab02c68