


Perceptive Security
SOC/SIEM Consultancy

Critical Windows Netlogon RCE flaw now exploited in attacks
Published:
1 June 2026 at 12:30:27
Alert date:
1 June 2026 at 13:00:57
Source:
bleepingcomputer.com
Operating Systems, Zero-Day Vulnerabilities, Identity & Access
The Centre for Cybersecurity Belgium (CCB) warned that threat actors are actively exploiting a recently patched critical Windows Netlogon remote code execution vulnerability in live attacks. This represents an escalation from the initial discovery to active exploitation in the wild, indicating high risk for organizations running vulnerable Windows systems. The vulnerability affects the Windows Netlogon service, which is critical for domain authentication in Windows environments.
Technical details
CVE-2026-41089 is a stack-based buffer overflow vulnerability in Windows Netlogon, a remote procedure call (RPC) interface and core Microsoft Windows Server background service that authenticates services and users on Windows domain-based networks. The vulnerability allows attackers without privileges to gain remote code execution on targeted domain controllers by sending a specially crafted network request to a Windows server acting as a domain controller. If successful, this causes the Netlogon service to improperly handle the request, potentially allowing the attacker to run code on the affected system without needing to sign in or have prior access. The vulnerability has a CVSS score of 9.8.
Mitigation steps:
Immediately patch vulnerable servers by applying the May 2026 Patch Tuesday updates. The Centre for Cybersecurity Belgium (CCB) urges administrators to patch as quickly as possible due to active exploitation in the wild.
Affected products:
Windows Server (all currently supported versions)
Windows Server 2025
Windows Server 2016
Windows Netlogon service
Related links:
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/ff8f970f-3e37-40f7-bd4b-af7336e4792f
https://www.bleepingcomputer.com/news/microsoft/microsoft-may-2026-patch-tuesday-fixes-120-flaws-no-zero-days/
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41089
https://ccb.belgium.be/advisories/warning-microsoft-patch-tuesday-may-2026-patches-118-vulnerabilities-16-critical-102
https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-mitigation-for-yellowkey-windows-zero-day/
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585
https://www.bleepingcomputer.com/news/security/disgruntled-researcher-leaks-bluehammer-windows-zero-day-exploit/
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33825
https://www.bleepingcomputer.com/news/microsoft/new-microsoft-defender-redsun-zero-day-poc-grants-system-privileges/
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41091
https://www.bleepingcomputer.com/news/security/recently-leaked-windows-zero-days-now-exploited-in-attacks/
https://www.bleepingcomputer.com/news/security/windows-bitlocker-zero-day-gives-access-to-protected-drives-poc-released/
https://www.bleepingcomputer.com/news/microsoft/new-windows-miniplasma-zero-day-exploit-gives-system-access-poc-released/
https://github.com/Nightmare-Eclipse/UnDefend
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45498
https://www.microsoft.com/en-us/msrc/blog/2026/05/a-shared-responsibility-protecting-customers-through-coordinated-vulnerability-disclosure
https://x.com/msftsecresponse/status/2061293718942908925
This article was created with the assistance of AI technology by Perceptive.
