Microsoft is publishing 137 vulnerabilities on May 2026 Patch Tuesday. Microsoft is not aware of exploitation in the wild or public disclosure for any of these vulnerabilities. So far this month, Microsoft has provided patches to address 133 browser vulnerabilities, which are not included in the Patch Tuesday count above.
Windows Netlogon: critical RCE
Anyone responsible for securing a domain controller should prioritize remediation of CVE-2026-41089, which is a critical stack-based buffer overflow in Windows Netlogon with a CVSS v3 base score of 9.8. Exploitation leads to execution in the context of the Netlogon service, so that’s SYSTEM privileges on the domain controller. For most pentesters, that’s the point at which the customer report more or less writes itself. No privileges or user interaction are required, and attack complexity is low, which suggests that creation of a reliable exploit might not be especially difficult for anyone with knowledge of the specific mechanism.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Multiple Brother Devices: Multiple Vulnerabilities (FIXED)
June 25, 2025
Rapid7 conducted a zero-day research project into multifunction printers (MFP) from Brother Industries, Ltd. This research resulted in the discovery of 8 new vulnerabilities. Some or all of these vulnerabilities have been identified as affecting 689 models across Brother’s range of printer, scanner, and label maker devices. Additionally, 46 printer models from FUJIFILM Business Innovation, 5 ...
- Canadian Centre for Cyber Security/FBI: People’s Republic of China cyber threat activity
June 20, 2025
The Canadian Centre for Cyber Security (Cyber Centre) and the United States’ Federal Bureau of Investigation (FBI) are warning Canadians of the threat posed by People’s Republic of China (PRC) state-sponsored cyber threat actor tracked in industry reporting as Salt Typhoon. The Cyber Centre previously joined our partners in warning that PRC cyber actors have compromised ...
- BeyondTrust Releases Security Advisory for Remote Support & Privileged Remote Access
June 19, 2025
BeyondTrust has released a security advisory to address a vulnerability in the Remote Support and Privileged Remote Access systems. Remote Support allows authorised individuals such as IT Helpdesk staff to connect to remote systems. Privileged Remote Access facilitates just-in-time secure access to enterprise environments. CVE-2025-5309 is an ‘improper control of generation of code’ vulnerability with a ...
- CVE-2025-4365/CVE Unassigned: NetScaler Console/SDX Authenticated Arbitrary File Read/Write (FIXED)
June 18, 2025
During root cause analysis for the NetScaler Console vulnerability, CVE-2024-6235, Rapid7 discovered two high severity authenticated arbitrary file read and write vulnerabilities which were disclosed to the vendor in accordance with our disclosure policy. An Arbitrary File Read vulnerability (CVE-2025-4365) was identified in NetScaler Console version 14.1.8.50 and found to affect versions of NetScaler Console and ...
- Jaw-dropping security flaws found in open source code could allow hackers to spirit away entire projects
June 18, 2025
Experts have revealed several critical vulnerabilities in GitHub Actions workflows which could pose serious risks to some major open source projects. A recent investigation by Sysdig’s Threat Research Team (TRT) has exposed how misconfigurations, particularly involving the pull_request_target trigger, could let attackers seize control over active repositories or extract sensitive credentials. The team demonstrated this by ...
- Pre-Auth RCE Alert: Critical SSH Flaw in Erlang/OTP (CVE-2025-32433)
June 18, 2025
The SonicWall Capture Labs threat research team became aware of a pre-authentication vulnerability in Erlang/OTP (Open Telegram Platform) SSH server implementation, assessed its impact, and developed mitigation measures. Erlang/OTP is a known toolkit used to build scalable, fault-tolerant systems such as telecommunications, messaging platforms, IoT infrastructure and financial services. It is used by organizations like Ericsson, ...