CNNVD-202507-1010 Information

Jul 08, 2025 cve

CNNVD ID

CNNVD-202507-1010

CVE-2025-49716

  • CNNVD Published: 2025-07-08

Description (Chinese)

Microsoft Windows Netlogon是美国微软(Microsoft)公司的Windows的一个重要组件,主要功能是用户和机器在域内网络上的认证,以及复制数据库以进行域控备份,同时还用于维护域成员与域之间、域与域控之间、域DC与跨域DC之间的关系。 Microsoft Windows Netlogon存在资源管理错误漏洞。攻击者利用该漏洞导致系统拒绝服务。以下产品和版本受到影响:Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows Server 2022, 23H2 Edition (Server Core installation),Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation)。

Description (English)

Microsoft Windows Netlogon is an important component of Microsoft Windows in the United States, whose main function is to authenticate users and machines on a domain network and to copy databases for domain control backup, while also maintaining the relationship between domain members and domains, between domain and domain controls, and between domain and cross-domain DCs. Microsoft Windows Netlogon has an error in resource management. The attackers used the loophole to cause the system to refuse services. The following products and versions have been affected: Windows Server 2019, Windows Server 2019 (Server Corporation), Windows Server 2022, Windows Server 2022 (Server Corporation), Windows Server 2022, 23H2 Employment (Server Corporation), 2016, Windows Server Service 2016, Server Service 2012 for xside-stage Service, 2012 Capacity Capacity Building, 2011 Building Building Building Building Service 2008

Hazard Level

High

Vulnerability Type

资源管理错误

Affected Vendor

微软

Published

2025-07-08

Last Modified

2026-02-24

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49716

Patch

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49716

Share on: