#Windows Server
PoC Published for CVE-2026-24294: NTLM Reflection Bypass Grants SYSTEM Access on Windows Server 2025
Synacktiv has released a working PoC for CVE-2026-24294, a new NTLM reflection bypass that grants SYSTEM-level access on Windows Server 2025 by abusing the SMB-over-custom-port feature. Microsoft patched...
CVE-2026-41089: Windows Netlogon 0-Click RCE Now Actively Exploited — Patch Domain Controllers Immediately
Microsoft’s May 2026 Patch Tuesday addressed CVE-2026-41089, a critical Windows Netlogon 0-click RCE — now actively exploited in the wild. Domain controllers running unpatched Windows Server face complete...
Microsoft Confirms Windows Server 2025 Domain Controllers Enter Reboot Loops After April 2026 Patch
Microsoft has confirmed that the April 2026 cumulative update KB5082063 causes Windows Server 2025 domain controllers to enter reboot loops, with some systems also failing to install the...