Post by Tanium

⚠️ If you haven’t patched your domain controllers yet, now is the time. The Centre for Cybersecurity Belgium recently warned that attackers were exploiting CVE-2026-41089 in the wild and urged immediate patching. CVE-2026-41089 is a critical (CVSS 9.8) unauthenticated remote code execution flaw in Windows Netlogon. An attacker with network access to a domain controller — no credentials required — can execute code as SYSTEM, with a path to full Active Directory takeover. Failed attempts crash LSASS and reboot the DC. All supported Windows Server versions are affected. Tanium Comply and Patch give you everything you need: identify unpatched domain controllers and deploy the May 2026 security updates across your entire DC fleet in a single coordinated maintenance window. Read the full breakdown in our latest blog: https://lnkd.in/eJQhvyNk #CVE202641089 #WindowsServer #Netlogon #ActiveDirectory #endpointsecurity #autonomousIT #threatintelligence #patchmanagement