297/69 Tuesday, June 2, 2026
The Belgian Centre for Cyber Security (CCB) has warned that the Windows Netlogon vulnerability tracked as CVE-2026-41089 is being actively exploited in real-world attacks. The vulnerability is rated Critical and was addressed by Microsoft in its May 2026 security updates. The flaw affects the Netlogon service, a core component of Windows Server responsible for authenticating users and services within Active Directory domain environments.
According to Microsoft, the vulnerability is a stack-based buffer overflow in Windows Netlogon. An unauthenticated attacker could exploit the flaw by sending specially crafted network requests to a Windows Server acting as a Domain Controller. Successful exploitation could allow remote code execution (RCE) on the targeted system. The vulnerability affects all supported versions of Windows Server, including Windows Server 2025.
Organizations operating Windows Server environments, particularly systems serving as Domain Controllers, should urgently verify that the latest Microsoft security updates have been installed. Administrators are also advised to review system event logs, monitor for unusual Netlogon-related network activity or authentication requests, and restrict access to Domain Controllers from unnecessary networks. At the time of reporting, the CCB has not released technical details regarding the observed attacks, and Microsoft has not yet updated its advisory to officially confirm active exploitation.