The Centre for Cybersecurity Belgium (CCB), the country’s national authority for cybersecurity, warned on Friday that threat actors are now exploiting a recently patched critical Windows Netlogon vulnerability in attacks.

Netlogon is a remote procedure call (RPC) interface and a core Microsoft Windows Server background service that authenticates services and users on Windows domain-based networks.

Microsoft patched this vulnerability (CVE-2026–41089) during the May 2026 Patch Tuesday, describing it as a stack-based buffer overflow in Windows Netlogon that allows attackers without privileges to gain remote code execution on targeted domain controllers.