CVE-2025-49716

FAQ

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data.

What actions do I need to take to be protected from this vulnerability?

To mitigate this vulnerability, a code change was made in the July 2025 Windows Security Updates for all other Server platforms from Windows Server 2008 SP2 to Windows Server 2022, inclusive.

After this change, some file and print service software can be affected, including Samba. Samba has released an update to accommodate this change. See Samba 4.22.3 - Release Notes for more information.

To accommodate scenarios where affected third party software cannot be updated, we released additional configuration capability in the August 2025 Windows Security Update.

For more information about the releases and the new modes visit: https://support.microsoft.com/en-us/topic/kb5066014-netlogon-rpc-hardening-cve-2025-49716-38a0bc06-507c-47d4-be0f-ca1acab02c68