May Patch Tuesday roundup: Critical holes in Windows Netlogon, DNS, and SAP S/4HANA
Summary
Microsoft's May Patch Tuesday addresses 118 vulnerabilities, including critical flaws in Windows Server's Netlogon service (CVE-2026-41089) and DNS Client (CVE-2026-41096). The Netlogon vulnerability poses a high risk of domain-level compromise, credential theft, and ransomware deployment, while the DNS vulnerability could lead to widespread endpoint compromise.
IFF Assessment
This article details critical vulnerabilities in widely used Microsoft services that could lead to domain compromise and widespread endpoint compromise, representing a significant threat to organizations.
Severity
The CVSS score of 9.8 for CVE-2026-41089 indicates a critical vulnerability that requires no authentication or user interaction to exploit, leading to significant impacts on domain controllers and identity infrastructure.
Defender Context
Defenders must prioritize patching these critical vulnerabilities, especially CVE-2026-41089 and CVE-2026-41096, as they present a high risk of domain compromise and widespread endpoint infection. Organizations should monitor for indicators of compromise related to Netlogon and DNS services, and ensure robust patch management processes are in place.