Post by Christoffer Andersson
Principal Advisor at Epical
CVE-2026-41089 — Microsoft Windows Netlogon BuildSamLogonResponse Stack-based Buffer Overflow RCE

Note: The target domain controller must have a sufficiently long DNS domain name (approximately 50+ characters) for the combined response data to exceed the 528-byte buffer. Domain controllers with short domain names (e.g., “example.com”) are not vulnerable.

When they fixed this, I guess they also "damaged" the functionality of the DCLocator in Windows Server 2016.