Windows Netlogon stack-based buffer overflow security flaw (CVE-2026-41089)
Vulnerability
Summary
Hide ▲
Show ▼
Microsoft’s May Patch Tuesday fixed CVE-2026-41089, a critical stack-based buffer overflow in Windows Netlogon that could let attackers gain system privileges on a domain controller. The flaw has a CVSS v3 score of 9.8, requires no privileges or user interaction, and is rated low complexity. Security teams responsible for domain controllers should prioritize remediation.
Related Happenings
Microsoft Defender BlueHammer (CVE-2026-33825) ransomware exploitation wave
Exploitation Wave
H score41
First: 30.06.2026 11:53
Last: 30.06.2026 11:53
Sources 1
About this happening:
CISA has flagged **BlueHammer (CVE-2026-33825)** as exploited in **ransomware campaigns**, expanding the risk to **Windows devices** exposed to privilege escalation. The flaw in *...
Microsoft Defender BlueHammer (CVE-2026-33825) ransomware exploitation wave
Exploitation WaveAbout this happening: CISA has flagged **BlueHammer (CVE-2026-33825)** as exploited in **ransomware campaigns**, expanding the risk to **Windows devices** exposed to privilege escalation. The flaw in *...
CCB urgent patch warning for CVE-2026-41089 on Windows servers
Public Sector Action
H score48
First: 01.06.2026 15:30
Last: 01.06.2026 15:30
Sources 1
How related:
"On Friday, Belgium's national cybersecurity authority (CCB) warned that attackers are now actively exploiting the CVE-2026-41089 security flaw in the wild and urged admins to immediately patch vulnerable servers."
About this happening:
Belgium's **CCB** warned that **CVE-2026-41089** is being **actively exploited in the wild**, urging admins to **immediately patch** vulnerable **Windows servers** because the fla...
CCB urgent patch warning for CVE-2026-41089 on Windows servers
Public Sector ActionHow related: "On Friday, Belgium's national cybersecurity authority (CCB) warned that attackers are now actively exploiting the CVE-2026-41089 security flaw in the wild and urged admins to immediately patch vulnerable servers."
About this happening: Belgium's **CCB** warned that **CVE-2026-41089** is being **actively exploited in the wild**, urging admins to **immediately patch** vulnerable **Windows servers** because the fla...
Microsoft Windows Server 2016 domain controller discovery failure after KB5087537
Service Disruption
H score0
First: 26.05.2026 10:41
Last: 26.05.2026 10:41
Sources 1
About this happening:
Microsoft confirmed a **known issue** in **Windows Server 2016** after **KB5087537** that can prevent **domain controller discovery**, disrupting administrative operations and app...
Microsoft Windows Server 2016 domain controller discovery failure after KB5087537
Service DisruptionAbout this happening: Microsoft confirmed a **known issue** in **Windows Server 2016** after **KB5087537** that can prevent **domain controller discovery**, disrupting administrative operations and app...
Microsoft Defender zero-days exploited in attacks (multiple vulnerabilities)
Vulnerability
H score39
First: 21.05.2026 10:49
Last: 21.05.2026 10:49
Sources 1
About this happening:
Microsoft began rolling out fixes for **CVE-2026-41091** and **CVE-2026-45498**, two **actively exploited zero-days** in **Microsoft Defender** components that affect unpatched Wi...
Microsoft Defender zero-days exploited in attacks (multiple vulnerabilities)
VulnerabilityAbout this happening: Microsoft began rolling out fixes for **CVE-2026-41091** and **CVE-2026-45498**, two **actively exploited zero-days** in **Microsoft Defender** components that affect unpatched Wi...
Azure Backup for AKS privilege escalation flaw
Vulnerability
H score22
First: 16.05.2026 23:55
Last: 16.05.2026 23:55
Sources 1
About this happening:
A **critical Azure Backup for AKS** privilege-escalation flaw was independently validated, exposing Kubernetes clusters to **cluster-admin** takeover from the low-privileged **Bac...
Azure Backup for AKS privilege escalation flaw
VulnerabilityAbout this happening: A **critical Azure Backup for AKS** privilege-escalation flaw was independently validated, exposing Kubernetes clusters to **cluster-admin** takeover from the low-privileged **Bac...
Timeline
-
13.05.2026 11:15 3 articles · 1mo ago
Microsoft fixes CVE-2026-41089 in Windows Netlogon
Initial DisclosureMicrosoft published May Patch Tuesday security updates that fixed 120 CVEs, including CVE-2026-41089 in Windows Netlogon, a critical stack-based buffer overflow with a CVSS v3 base score of 9.8 that could give attackers system privileges on a domain controller. Rapid7 principal software engineer Adam Barnett urged anyone responsible for securing a domain controller to prioritize remediation, noting that no privileges or user interaction are required and attack complexity is low.
Show sources
- Microsoft Fixes 17 Critical Flaws in May Patch Tuesday — www.infosecurity-magazine.com — 13.05.2026 11:15
- Microsoft Fixes 17 Critical Flaws in May Patch Tuesday — www.infosecurity-magazine.com — 13.05.2026 11:15
- Critical Windows Netlogon RCE flaw now exploited in attacks — www.bleepingcomputer.com — 01.06.2026 15:30