NOTLogon vulnerability
Microsoft also issued a patch for CVE-2025-47978, a denial-of-service (DoS) vulnerability in Microsoft’s Netlogon protocol, a core component of all Windows domain controllers. The hole has been dubbed NOTLogon by Dor Segal, senior security researcher at Silverfort, who discovered it. The vulnerability allows any domain-joined machine with minimal privileges to send a specially crafted authentication request that will crash a domain controller and cause a full reboot. It has a CVSS score of 6.5.
“Even low-privilege machines with basic network access can pose major risks if left unchecked,” Segal said in a blog. “This vulnerability shows how only a valid machine account and a crafted RPC message can bring down a domain controller — the backbone of Active Directory operations like authentication, authorization, policy enforcement, and more. If multiple domain controllers are affected, it can bring business to a halt. NOTLogon is a reminder that new protocol features — especially in privileged authentication services — can become attack surfaces overnight. Staying secure isn’t only about applying patches — it’s about examining the foundational systems we rely on every day.”
Finally, Tenable’s Satnam Narang, senior staff research engineer, said CSOs should be paying attention to fixing the recently revealed Citrix NetScaler vulnerabilities, specifically CVE-2025-5777, also known as CitrixBleed 2. “It is strikingly similar to the original CitrixBleed,” he said to CSO in an email, “where attackers are able to steal session tokens from NetScaler systems and use them to gain access to networks, even if patches have been applied. There are reports that exploitation of CitrixBleed 2 goes back to mid-June, so organizations that utilize NetScaler should be reviewing logs for a rapid succession of suspicious requests and known indicators of compromise, and most importantly, invalidate session tokens to prevent follow-on activity.”