Silverfort Inc. discovered a new vulnerability in Microsoft's Netlogon protocol, named 'NOTLogon,' that allows low-privilege machines to crash Windows domain controllers remotely.
Microsoft patched the vulnerability in its July 8 update. It does not allow privilege escalation or credential theft, but it can disrupt core Active Directory services.
Discovered through AI-assisted methods, the flaw stems from the handling of malformed inputs in the NetrLogonSamLogonEx RPC call, which causes domain controllers to crash and reboot.
Silverfort recommends that organizations apply the July 2025 security update, audit machine account usage, limit account creation permissions, and segment network access to protect domain controllers.