Windows DNS heap-based buffer overflow remote code execution flaw (CVE-2026-41096)
Vulnerability
Summary
Hide ▲
Show ▼
Microsoft patched CVE-2026-41096, a heap-based buffer overflow in Windows DNS that could let an unauthorized attacker execute code remotely on vulnerable Windows systems. The flaw carries a CVSS score of 9.8 and affects a widely deployed network service, making the patch important for exposed environments. Microsoft said the issue was fixed in its May 13, 2026 update cycle.
Related Happenings
Microsoft WUSA network-share Windows update failure
Service Disruption
H score0
First: 12.06.2026 14:44
Last: 12.06.2026 14:44
Sources 1
About this happening:
Microsoft has fixed a **WUSA** problem that caused **Windows updates** to fail when installed from a **network share**, disrupting update deployment on **Windows 11 24H2/25H2** an...
Microsoft WUSA network-share Windows update failure
Service DisruptionAbout this happening: Microsoft has fixed a **WUSA** problem that caused **Windows updates** to fail when installed from a **network share**, disrupting update deployment on **Windows 11 24H2/25H2** an...
CCB urgent patch warning for CVE-2026-41089 on Windows servers
Public Sector Action
H score48
First: 01.06.2026 15:30
Last: 01.06.2026 15:30
Sources 1
About this happening:
Belgium's **CCB** warned that **CVE-2026-41089** is being **actively exploited in the wild**, urging admins to **immediately patch** vulnerable **Windows servers** because the fla...
CCB urgent patch warning for CVE-2026-41089 on Windows servers
Public Sector ActionAbout this happening: Belgium's **CCB** warned that **CVE-2026-41089** is being **actively exploited in the wild**, urging admins to **immediately patch** vulnerable **Windows servers** because the fla...
Microsoft Windows Server 2016 domain controller discovery failure after KB5087537
Service Disruption
H score0
First: 26.05.2026 10:41
Last: 26.05.2026 10:41
Sources 1
About this happening:
Microsoft confirmed a **known issue** in **Windows Server 2016** after **KB5087537** that can prevent **domain controller discovery**, disrupting administrative operations and app...
Microsoft Windows Server 2016 domain controller discovery failure after KB5087537
Service DisruptionAbout this happening: Microsoft confirmed a **known issue** in **Windows Server 2016** after **KB5087537** that can prevent **domain controller discovery**, disrupting administrative operations and app...
Microsoft Edge stops loading saved passwords into cleartext memory at startup
Security Tool/Service
H score10
First: 15.05.2026 17:49
Last: 15.05.2026 17:49
Sources 1
About this happening:
**Microsoft Edge** is changing its built-in password manager so **saved passwords** are no longer loaded into **process memory in clear text** at startup, reducing the risk of loc...
Microsoft Edge stops loading saved passwords into cleartext memory at startup
Security Tool/ServiceAbout this happening: **Microsoft Edge** is changing its built-in password manager so **saved passwords** are no longer loaded into **process memory in clear text** at startup, reducing the risk of loc...
Microsoft Windows Autopatch fix for EU restricted driver update deployment bug
Security Tool/Service
H score11
First: 13.05.2026 17:36
Last: 13.05.2026 17:36
Sources 1
About this happening:
**Microsoft** fixed a **Windows Autopatch** service bug that let **restricted driver updates** reach some managed devices in the **EU**, bypassing admin approval controls and crea...
Microsoft Windows Autopatch fix for EU restricted driver update deployment bug
Security Tool/ServiceAbout this happening: **Microsoft** fixed a **Windows Autopatch** service bug that let **restricted driver updates** reach some managed devices in the **EU**, bypassing admin approval controls and crea...
Timeline
-
13.05.2026 13:36 2 articles · 1mo ago
Microsoft discloses and patches CVE-2026-41096 in Windows DNS
Initial DisclosureMicrosoft's May 13, 2026 Patch Tuesday release fixed CVE-2026-41096, a CVSS 9.8 heap-based buffer overflow in Windows DNS that could let an unauthorized attacker execute code over a network by sending a specially crafted DNS response to a vulnerable Windows system.
Show sources
- Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws — thehackernews.com — 13.05.2026 13:36
- Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws — thehackernews.com — 13.05.2026 13:36