Critical Windows Netlogon RCE Vulnerability (CVE-2026-41089) Under Active Exploitation
A severe Windows Netlogon remote code execution (RCE) vulnerability, tracked as CVE-2026-41089, is now being actively exploited in the wild, posing a major threat to unpatched Windows Server environments. The flaw affects domain controllers, allowing unauthenticated attackers to execute arbitrary code with SYSTEM-level privileges by sending specially crafted Netlogon network requests.
Exploitation requires only network access to a vulnerable domain controller’s Netlogon service, making it a high-risk zero-click attack vector. The vulnerability highlights a growing trend where threat actors target overlooked gaps such as drivers, update services, and misconfigurations rather than relying solely on zero-day exploits.
Security researchers confirm that attacks are already underway, underscoring the urgency for organizations to apply available patches. Because the flaw requires no user interaction and escalates privileges to SYSTEM, it is particularly dangerous for enterprise networks.
Source: https://www.linkedin.com/feed/update/urn:li:activity:7467053423113445376
Microsoft TPRM report: https://www.rankiteo.com/company/microsoft-security-response-center
{
  "id": "mic1780287882",
  "linkid": "microsoft-security-response-center",
  "type": "Vulnerability",
  "date": "6/2026",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}
{'affected_entities': [{'type': 'Organization'}],
 'attack_vector': 'Network access to Netlogon service',
 'description': 'A severe Windows Netlogon remote code execution (RCE) '
                'vulnerability, tracked as CVE-2026-41089, is now being '
                'actively exploited in the wild, posing a major threat to '
                'unpatched Windows Server environments. The flaw affects '
                'domain controllers, allowing unauthenticated attackers to '
                'execute arbitrary code with SYSTEM-level privileges by '
                'sending specially crafted Netlogon network requests. '
                'Exploitation requires only network access to a vulnerable '
                'domain controller’s Netlogon service, making it a high-risk '
                'zero-click attack vector.',
 'impact': {'systems_affected': 'Domain controllers'},
 'post_incident_analysis': {'root_causes': 'Overlooked gaps in drivers, update '
                                           'services, and misconfigurations'},
 'recommendations': 'Apply available patches urgently to mitigate the '
                    'vulnerability.',
 'references': [{'source': 'Security researchers'}],
 'response': {'remediation_measures': 'Apply available patches'},
 'title': 'Critical Windows Netlogon RCE Vulnerability (CVE-2026-41089) Under '
          'Active Exploitation',
 'type': 'Remote Code Execution (RCE)',
 'vulnerability_exploited': 'CVE-2026-41089'}