On July 8, 2025, Microsoft released KB 5062572 (applicable to Windows Server 2008 R2 ~ 2022 domain controllers), patching CVE‑2025‑49716 and strengthening Netlogon RPC access checks.
- Potentially affected environments: Samba servers that join AD and use specific backends such as idmap_ad may be unable to authenticate or correctly map domain accounts after the update.
- QNAP NAS status: QNAP default settings are not affected by this change, so you can safely install the update.
- Important note: Users with non-default configurations (such as idmap=ad) may be affected and should check their Samba settings or consult their IT administrator before proceeding.
For further information, please refer to the official Microsoft documentation: