Win-DoS’ Zero-Click Exploit Could Weaponize Windows Infrastructure for DDoS Attacks

Security researchers have uncovered a “zero-click” denial-of-service chain that can silently turn thousands of Microsoft Windows Domain Controllers (DCs) into a globe-spanning botnet, raising fresh alarms in a year already defined by record-breaking distributed-denial-of-service (DDoS) activity.

DDoS attacks climbed 56% year-over-year in late-2024 according to Gcore’s latest Radar report, and Cloudflare’s network has already blocked single floods peaking at 7.3 Tbps in 2025, the largest ever disclosed.

With the average minute of downtime now costing around $6,000 and typical incidents topping $400,000 for small and midsize firms, defenders face mounting pressure even before new exploitation techniques emerge.

Win-DoS’ Zero-Click Exploit

A zero-click exploit executes without user interaction, typically abusing software that automatically parses untrusted data.

SafeBreach Labs’ new research shows how Windows’ own Lightweight Directory Access Protocol (LDAP) client can be hijacked via a crafted RPC call to build “Win-DDoS,” an attack flow ...