PowerScale: OneFS: Microsoft Security Hardening for RPC Netlogon Compatibility
Summary: For most versions of Windows Server (2008-2022), an update released on July 8 included code enhancements that addressed a vulnerability with Remote Procedure Call Netlogon (CVE-2025-49716). This update was already released in Windows Server 2025 earlier in February. ...
Security Article Type
Security KB
CVE Identifier
Windows Netlogon Denial of Service Vulnerability: https://www.cve.org/CVERecord?id=CVE-2025-49716
Issue Summary
In the July 8, 2025 update for Windows Server 2008-2022, Microsoft released code enhancements to address a vulnerability with certain anonymous RPC Netlogon calls. This code enhancement was applied in the February 2025 update to Windows Server 2025. This update serves to prevent a denial of service by mitigating the uncontrolled consumption of resources over RPC Netlogon. OneFS is not impacted and functions as normal when the update is applied.
Recommendations
OneFS by design does not use anonymous calls when communicating with an Active Directory domain controller. The cluster authenticates with the cluster machine account and password. During the DC election process, OneFS uses CLDAP ping to determine how reachable a DC is after receiving a list from AD in an SRV record. The security hardening that Microsoft has implemented in the July 8 Windows Server patches does not impact PowerScale OneFS. No further action is required for administrators to maintain cluster functionality with Active Directory when applying the patch.
Additional Information
Microsoft Vulnerability Page: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49716