Microsoft is publishing 137 vulnerabilities on May 2026 Patch Tuesday. Microsoft is not aware of exploitation in the wild or public disclosure for any of these vulnerabilities. So far this month, Microsoft has provided patches to address 133 browser vulnerabilities, which are not included in the Patch Tuesday count above.
Windows Netlogon: critical RCE
Anyone responsible for securing a domain controller should prioritize remediation of CVE-2026-41089, which is a critical stack-based buffer overflow in Windows Netlogon with a CVSS v3 base score of 9.8. Exploitation leads to execution in the context of the Netlogon service, so that’s SYSTEM privileges on the domain controller. For most pentesters, that’s the point at which the customer report more or less writes itself. No privileges or user interaction are required, and attack complexity is low, which suggests that creation of a reliable exploit might not be especially difficult for anyone with knowledge of the specific mechanism.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- CVE-2023-47246: SysAid Zero-Day Vulnerability Exploited By Lace Tempest
November 9, 2023
On November 8, 2023, IT service management company SysAid disclosed CVE-2023-47426, a zero-day path traversal vulnerability affecting on-premise SysAid servers. According to Microsoft’s threat intelligence team, it has been exploited in the wild by DEV-0950 (Lace Tempest) in “limited attacks.” In a social media thread published the evening of November 8, Microsoft emphasized that Lace Tempest ...
- SysAid warns customers to patch after ransomware gang caught exploiting new zero-day flaw
November 9, 2023
Software maker SysAid is warning customers that hackers linked to a notorious ransomware gang are exploiting a newly discovered vulnerability in its widely used IT service automation software. SysAid chief technology officer Sasha Shapirov confirmed in a blog post Wednesday that attackers are exploiting a zero-day flaw affecting its on-premises software. A vulnerability is considered a ...
- FBI: Ransomware Actors Continue to Gain Access through Third Parties and Legitimate System Tools
November 8, 2023
The Federal Bureau of Investigation (FBI) is releasing this Private Industry Notification to highlight ransomware initial access trends and encourage organizations to implement the recommendations in the “Mitigations” section to reduce the likelihood and impact of ransomware incidents. Threat As of July 2023, the FBI noted several trends emerging or continuing across the ransomware environment and ...
- Rapid7 Observed Exploitation of Atlassian Confluence CVE-2023-22518
November 6, 2023
As of November 5, 2023, Rapid7 Managed Detection and Response (MDR) is observing exploitation of Atlassian Confluence in multiple customer environments, including for ransomware deployment. We have confirmed that at least some of the exploits are targeting CVE-2023-22518, an improper authorization vulnerability affecting Confluence Data Center and Confluence Server. Atlassian published an advisory for the vulnerability ...
- New Report On Suffolk County Cyber Attack Raises Questions
November 6, 2023
The former IT commissioner for the Suffolk County Clerk’s department did not alert county officials that the computer network in the clerk’s office was responding to a “radical malware attack” until eight hours after he was alerted, the Press has learned. The Center for Internet Security (CIS) sent an email at 3 a.m. on Sept. 8, ...
- Atlassian update: “Take immediate action” to patch your Confluence Data Center and Server instances
November 2, 2023
Atlassian has released an advisory about a critical severity authentication vulnerability in the Confluence Server and Data Center. All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. Atlassian Cloud sites are not impacted by this vulnerability, so if your Confluence site is accessed via an atlassian.net domain, it is not ...