A critical Windows Server security flaw that can let outsiders run code on domain controllers is now being exploited in real attacks. Belgium's Centre for Cybersecurity said CVE-2026-41089, a stack-based buffer overflow in the Netlogon remote procedure call (RPC) service, is under active exploitation after Microsoft patched it in May 2026. The bug affects supported Windows Server versions including Windows Server 2025 and can be triggered by a specially crafted network request without prior authentication.
Why it matters: Domain controllers are the systems that authenticate users across many business networks, so compromise can put an entire organization at risk. Organizations running Windows Server should treat this as high priority and patch exposed and internal domain controllers immediately.
Ionut Arghire
2026.06.01
98% relevant
This article is the same underlying event: CCB warning that CVE-2026-41089 in Windows Netlogon is being exploited in the wild. It adds detail that Microsoft patched the stack-based buffer overflow on May 12, that exploitation can occur via crafted network requests against domain controllers without authentication, and that Microsoft had not yet updated its advisory to reflect exploitation.
Sergiu Gatlan
2026.06.01
100% relevant
This article establishes a new tracked story by adding the key development that CVE-2026-41089 has moved from a patched critical flaw to one reportedly being exploited in the wild.
← Back to all stories