Exploiting Silence: 0-Click System Crashes via UDP in Windows Deployment Services
A newly uncovered vulnerability in Microsoft’s Windows Deployment Services (WDS) exposes enterprise systems to a severe zero-click denial-of-service (DoS) attack that can be executed remotely—without authentication or user interaction. The flaw targets the UDP-based TFTP service running on port 69, which is central to WDS’s PXE boot functionality used for deploying operating systems over the network. Exploiting this weakness, an attacker can crash a vulnerable server in minutes, posing a serious risk to organizations relying on WDS for streamlined operating system rollouts. How the Vulnerability Works Discovered by security researcher Zhiniang Peng , the vulnerability stems from how WDS handles incoming TFTP (Trivial File Transfer Protocol) sessions. When a connection request is received, WDS creates a CTftpSession object via the function wdstftp!CClientContext::OnConnectionRequest . However, there’s a fundamental flaw: no limits are enforced on the number of sessions the serv...