The Centre for Cybersecurity Belgium (CCB), the rustic’s nationwide authority for cybersecurity, warned on Friday that danger actors at the moment are exploiting a just lately patched essential Home windows Netlogon vulnerability in assaults.
Netlogon is a far off process name (RPC) interface and a core Microsoft Home windows Server background carrier that authenticates services and products and customers on Home windows domain-based networks.
Microsoft patched this vulnerability (CVE-2026-41089) all the way through the Would possibly 2026 Patch Tuesday, describing it as a stack-based buffer overflow in Home windows Netlogon that permits attackers with out privileges to achieve far off code execution on centered area controllers.
“An attacker may ship a specifically crafted community request to a Home windows server this is appearing as a site controller,” it mentioned. “If a hit, this would reason the Netlogon carrier to improperly maintain the request, doubtlessly permitting the attacker to run code at the affected device while not having to check in or have prior get admission to.”
CVE-2026-41089 affects all recently supported Home windows Server variations, together with the most recent liberate, Home windows Server 2025.
In line with a safety advisory printed via the corporate on Would possibly 12, the vulnerability used to be found out via Home windows Assault Analysis & Coverage (WARP), an inner offensive cybersecurity and engineering analysis crew at Microsoft.
On Friday, Belgium’s nationwide cybersecurity authority (CCB) warned that attackers at the moment are actively exploiting the CVE-2026-41089 safety flaw within the wild and instructed admins to right away patch prone servers.
“CVE-2026-41089 in #Home windows #Netlogon is now actively #exploited within the wild and may result in #RCE. CVSS(3.1): 9.8,” the CBC warned in a Friday tweet. “Patch as temporarily as imaginable.”
Alternatively, the CCB did not supply additional main points on those ongoing assaults and did not reply to a BleepingComputer request for more info.
Microsoft has but to replace its advisory, and an organization spokesperson did not respond to an electronic mail from BleepingComputer asking for affirmation that CVE-2026-41089 is now actively exploited.
Two weeks in the past, Microsoft shared mitigation measures for YellowKey (CVE-2026-45585), a Home windows BitLocker zero-day vulnerability that grants get admission to to secure drives, described as a backdoor via nameless safety researcher ‘Nightmare Eclipse,’ who additionally disclosed it and printed a proof-of-concept (PoC) exploit.
During the last a number of months, Nightmare Eclipse additionally disclosed the BlueHammer (CVE-2026-33825) and RedSun (CVE-2026-41091) privilege escalation zero-day flaws (each now being exploited in assaults), the GreenPlasma and MiniPlasma zero-day privilege escalation flaws that supply SYSTEM privileges, and UnDefend (CVE-2026-45498), every other zero-day that attackers with usual consumer permissions can exploit to dam Microsoft Defender definition updates.
To begin with, Microsoft has reacted to Nightmare Eclipse with thinly veiled threats of felony motion, adopted via a tweet announcing that the corporate “will paintings with legislation enforcement as suitable” when “a person breaks the legislation and engages in malicious job inflicting actual hurt to our consumers.”
Computerized pentesting gear ship actual worth, however they have been constructed to reply to one query: can an attacker transfer during the community? They weren’t constructed to check whether or not your controls block threats, your detection laws hearth, or your cloud configs cling.
This information covers the 6 surfaces you if truth be told wish to validate.
Obtain Now
