It would be a very poor pentester who reported null sessions and only gave simple "net use" commands as an example.
That said, this will usually be found by a vulnerability scanner which has its own implementation of SMB, which will explicitly try to connect with a null session. A scanner like Nessus will not try to reuse any credentials cached on the host it's running on. If the pentester sees this in the vulnerability scanner output, and then uses faulty commands in an attempt to prove the issue, then that's a facepalm-worthy event.
Null sessions may no longer be enabled by default on current Windows versions, but there are instances where they can be explicitly enabled. There are also a large number of legacy systems out there, as well as third-party implementations of SMB with varying default settings and features. Amusingly enough, very old legacy systems often don't show up in pentest reports despite being highly vulnerable, because the people doing the testing don't know how to exploit them.
The ability to open a null session is a weakness. If you are unable to authenticate in any way, you can only attack the authentication process. If you can authenticate even as a null user, then you gain access to a lot of additional functionality which may have weaknesses. As an example, most of the ETERNAL* exploits leaked from the NSA in 2017 require the ability to authenticate. If null sessions are enabled, then such an exploit is a remote attack; if null sessions are disabled, then it becomes a privilege escalation, as you'd require some form of unprivileged account in order to exploit the vulnerability.