
July Patch Tuesday: 14 critical Microsoft vulnerabilities, one SAP hole rated at 10 in severity

NOTLogon vulnerability

Microsoft also issued a patch for CVE-2025-47978, a denial-of-service (DoS) vulnerability in Microsoft’s Netlogon protocol, a core component of all Windows domain controllers. The hole has been dubbed NOTLogon by Dor Segal, senior security researcher at Silverfort, who found it. The vulnerability allows any domain-joined machine with minimal privileges to send a specially crafted authentication request that can crash a domain controller and trigger a full reboot. It has a CVSS score of 6.5.

“Even low-privilege machines with basic network access can pose major risks if left unchecked,” Segal said in a blog. “This vulnerability shows how only a valid machine account and a crafted RPC message can bring down a domain controller — the backbone of Active Directory operations like authentication, authorization, policy enforcement, and more. If multiple domain controllers are affected, it can bring business to a halt. NOTLogon is a reminder that new protocol features — particularly in privileged authentication services — can become attack surfaces overnight. Staying secure isn’t only about applying patches — it’s about examining the foundational systems we rely on every day.”

Finally, Tenable’s Satnam Narang, senior staff research engineer, said CSOs should be paying attention to fixing the recently revealed Citrix NetScaler vulnerabilities, particularly CVE-2025-5777, also known as CitrixBleed 2. “It’s strikingly similar to the original CitrixBleed,” he said to CSO in an email, “where attackers are able to steal session tokens from NetScaler systems and use them to gain access to networks, even when patches have been applied. There are reports that exploitation of CitrixBleed 2 goes back to mid-June, so organizations that utilize NetScaler should be reviewing logs for a rapid succession of suspicious requests and known indicators of compromise, and most importantly, invalidate session tokens to prevent follow-on activity.”