{"id":344649,"date":"2025-08-11T08:50:00","date_gmt":"2025-08-11T15:50:00","guid":{"rendered":"https:\/\/cms-articles.softonic.io\/es\/?p=392796"},"modified":"2025-08-11T08:56:21","modified_gmt":"2025-08-11T15:56:21","slug":"windows-has-four-vulnerabilities-that-can-render-any-device-with-this-system-useless","status":"publish","type":"post","link":"https:\/\/cms-articles.softonic.io\/en\/windows-has-four-vulnerabilities-that-can-render-any-device-with-this-system-useless\/","title":{"rendered":"Windows has four vulnerabilities that can render any device with this system useless"},"content":{"rendered":"\n<p><strong>At the recent DEF CON 33 conference, researchers Yair and Shahak Morag from SafeBreach Labs presented <\/strong>a new and alarming class of<strong> denial of service (DoS) attacks, called Win-DoS Epidemic<\/strong>. This new research reveals four DoS vulnerabilities in Windows and a distributed denial of service (DDoS) threat that does not require clicks for activation. Attackers can paralyze critical systems, including Domain Controllers (DC), which could completely destabilize an organization.<\/p>\n\n\n<h2 class=\"wp-block-heading\">A very serious problem to solve as soon as possible<\/h2>\n\n\n<p>DoS attacks focus on the uncontrolled consumption of resources, an approach that allows attackers to collapse any endpoint or Windows server. <strong>The most concerning technique, known as Win-DDoS, exploits a vulnerability in the Windows LDAP client reference process, allowing attackers to redirect DCs to a victim server and make them repeat that action indefinitely<\/strong>. This results in the creation of a massive and untraceable DDoS botnet, using public DCs around the world.<\/p>\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"DEF CON 33 Preview - Malware Village\" width=\"840\" height=\"473\" src=\"https:\/\/www.youtube.com\/embed\/6BIBQUmJgac?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n<p>The implications of these findings are critical, as Domain Controllers are essential for authentication and resource management in organizational networks. <strong>A successful attack can mean that users are unable to access their resources, paralyzing daily operations<\/strong>. Additionally, researchers have identified three new DoS vulnerabilities that can be exploited without user interaction, affecting both servers and endpoints.<\/p>\n\n\n<p>Despite Microsoft releasing patches for the LdapNightmare vulnerability, <strong>this new series of vulnerabilities emphasizes the need for organizations to review and strengthen their security postures, especially regarding internal systems like DCs<\/strong>. Continuous vigilance is essential to protect against these emerging threats.<\/p>\n\n<div class=\"sc-card-program\">\r\n  <div class=\"sc-card-program__body\">\r\n    <div class=\"sc-card-program__row clearfix\">\r\n      <div class=\"sc-card-program__col-logo\">\r\n        <img decoding=\"async\" class=\"sc-card-program__img\" alt=\"Avast Free Antivirus\" src=\"https:\/\/images.sftcdn.net\/images\/t_app-icon-s\/p\/2d9f9134-96d0-11e6-bf8f-00163ec9f5fa\/1408299994\/avast-Avast_Symbol_V2_Positive_Orange_256x256.png\" width=\"100px\" height=\"100px\">\r\n      <\/div>\r\n      <div class=\"sc-card-program__col-title\">\r\n        <span class=\"sc-card-program__title\">Avast Free Antivirus<\/span>\r\n        <a class=\"sc-card-program__button sc-card-program-internal\" href=\"https:\/\/avast.softonic.com\/\" target=\"_self\" rel=\"noopener noreferrer\">DOWNLOAD<\/a>\r\n      <\/div>\r\n      <div class=\"sc-card-program__col-rating\">\r\n        <svg class=\"rating-score__content\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" version=\"1.1\" x=\"0\" y=\"0\" viewbox=\"0 0 50 50\" enable-background=\"new 0 0 50 50\" xml:space=\"preserve\"><path class=\"rating-score__background rating-score--good\" fill=\"none\" stroke-width=\"6\" stroke-miterlimit=\"10\" d=\"M40 40c8.3-8.3 8.3-21.7 0-30s-21.7-8.3-30 0 -8.3 21.7 0 30\"><\/path><path class=\"rating-score__value rating-score__value--0\" fill=\"none\" stroke-width=\"6\" stroke-dashoffset=\"0\" stroke-miterlimit=\"10\" d=\"M40 40c8.3-8.3 8.3-21.7 0-30s-21.7-8.3-30 0 -8.3 21.7 0 30\"><\/path><text class=\"rating-score__number\" content=\"\" text-anchor=\"middle\" transform=\"matrix(1 0 0 1 25 31.0837)\" data-auto=\"app-user-score\"><\/text><\/svg>\r\n      <\/div>\r\n    <\/div>\r\n    <div class=\"sc-card-program__row\">\r\n      <span class=\"sc-card-program__description\"><\/span>\r\n    <\/div>\r\n    <div class=\"sc-card-program__row\">\r\n      <img decoding=\"async\" class=\"sc-card-program__bigpic\" src=\"\" onerror=\"this.style.display='none'\">\r\n    <\/div>\r\n    <a class=\"sc-card-program__link track-link sc-card-program-internal\" href=\"https:\/\/avast.softonic.com\/\" target=\"_self\" rel=\"noopener noreferrer\"><\/a>\r\n  <\/div>\r\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>At the recent DEF CON 33 conference, researchers Yair and Shahak Morag from SafeBreach Labs presented a new and alarming class of denial of service (DoS) attacks, called Win-DoS Epidemic. This new research reveals four DoS vulnerabilities in Windows and a distributed denial of service (DDoS) threat that does not require clicks for activation. Attackers can paralyze critical systems, including Domain Controllers (DC), which could completely destabilize an organization. A very serious problem to be solved as soon as possible. DoS attacks focus on the uncontrolled consumption of resources, an approach that allows [&hellip;]<\/p>\n","protected":false},"author":9318,"featured_media":344650,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","wpcf-pageviews":0},"categories":[1015,11143],"tags":[5605,14864,14865,14866,14867,14868,1080,14869],"usertag":[],"vertical":[],"content-category":[7176],"class_list":["post-344649","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","category-softwaresecurity","tag-ciberseguridad","tag-def-con-33","tag-dos","tag-ldap","tag-safebreach-labs","tag-shahak-morag","tag-windows","tag-yair","content-category-seguridad-privacidad"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/344649","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/users\/9318"}],"replies":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/comments?post=344649"}],"version-history":[{"count":2,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/344649\/revisions"}],"predecessor-version":[{"id":344662,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/344649\/revisions\/344662"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/media\/344650"}],"wp:attachment":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/media?parent=344649"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/categories?post=344649"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/tags?post=344649"},{"taxonomy":"usertag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/usertag?post=344649"},{"taxonomy":"vertical","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/vertical?post=344649"},{"taxonomy":"content-category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/content-category?post=344649"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}