Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://chaos.social/users/christopherkunz/statuses/116691890157644163">Dr. Christopher Kunz (christopherkunz@chaos.social)'s status on Thursday, 04-Jun-2026 23:54:11 JST</a><a href="https://chaos.social/@christopherkunz" title="christopherkunz@chaos.social"><img src="https://gnusocial.jp/avatar/230467-48-20240109064907.webp" width="48" height="48" alt="Dr. Christopher Kunz" style="position: absolute; left: 0; top: 0;">Dr. Christopher Kunz</a><div><a href="https://infosec.exchange/@wdormann/116691885035123499" rel="in-reply-to">in reply to</a><ul><li></ul></div></section><article><p><a href="https://infosec.exchange/@wdormann">@wdormann</a> This writeup *seems* to make sense, were it not for the magic two letters in the TLD: <a href="https://aretiq.ai/research/vul260513-cve-2026-41089-microsoft-windows-netlogon-buildsamlogonresponse-stack-based-buffer-overflow-rce/" rel="nofollow">https://aretiq.ai/research/vul260513-cve-2026-41089-microsoft-windows-netlogon-buildsamlogonresponse-stack-based-buffer-overflow-rce/</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/6446003#notice-12701384">In conversation</a><time datetime="2026-06-04T23:54:11+09:00" title="Thursday, 04-Jun-2026 23:54:11 JST">about 4 days ago</time> <span>from <span><a href="https://chaos.social/@christopherkunz/116691890157644163" rel="external" title="Sent from chaos.social via ActivityPub">chaos.social</a></span></span><a href="https://chaos.social/@christopherkunz/116691890157644163">permalink</a><h4>Attachments</h4><ol><li><article><header><div>No result found on File_thumbnail lookup.</div><h5><a href="https://aretiq.ai/research/vul260513-cve-2026-41089-microsoft-windows-netlogon-buildsamlogonresponse-stack-based-buffer-overflow-rce/">CVE-2026-41089 — Microsoft Windows Netlogon BuildSamLogonResponse Stack-based Buffer Overflow RCE</a></h5><div> from <span>Aretiq AI</span></div></header><div>1. Overview A stack-based buffer overflow vulnerability exists in the Windows Netlogon service’s DC locator ping response handler. When a domain controller processes a CLDAP search request, it serializes response data including attacker-supplied and server-side strings into a fixed-size stack buffer without adequate bounds checking. An unauthenticated remote attacker can send a single crafted CLDAP packet to a domain controller’s UDP port 389, causing the Netlogon service to crash the LSASS process and force the domain controller to reboot. The exploitability depends on the target domain controller’s DNS naming configuration — domain controllers with longer DNS domain names and hostnames are vulnerable. Microsoft addressed this vulnerability in the May 2026 security update.</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Dr. Christopher Kunz (christopherkunz@chaos.social)'s status on Thursday, 04-Jun-2026 23:54:11 JSTDr. Christopher Kunz
in reply to
- Will Dormann
@wdormann This writeup *seems* to make sense, were it not for the magic two letters in the TLD: https://aretiq.ai/research/vul260513-cve-2026-41089-microsoft-windows-netlogon-buildsamlogonresponse-stack-based-buffer-overflow-rce/
In conversationabout 4 days ago from chaos.socialpermalink
Attachments
1. No result found on File_thumbnail lookup.
  CVE-2026-41089 — Microsoft Windows Netlogon BuildSamLogonResponse Stack-based Buffer Overflow RCE
  from Aretiq AI
  1. Overview A stack-based buffer overflow vulnerability exists in the Windows Netlogon service’s DC locator ping response handler. When a domain controller processes a CLDAP search request, it serializes response data including attacker-supplied and server-side strings into a fixed-size stack buffer without adequate bounds checking. An unauthenticated remote attacker can send a single crafted CLDAP packet to a domain controller’s UDP port 389, causing the Netlogon service to crash the LSASS process and force the domain controller to reboot. The exploitability depends on the target domain controller’s DNS naming configuration — domain controllers with longer DNS domain names and hostnames are vulnerable. Microsoft addressed this vulnerability in the May 2026 security update.

Public

Embed Notice

HTML Code

Corresponding Notice