Disclosed on April 14, 2026, the vulnerability poses a significant risk to enterprise networks by potentially granting threat actors deep access to core identity and access management servers. Microsoft urges administrators to apply the official fixes immediately.
Tracked as CVE-2026-33826, the security flaw originates from improper input validation (CWE-20) within the Windows Active Directory infrastructure.
According to Microsoft’s security advisory, the vulnerability carries a Common Vulnerability Scoring System (CVSS) base score of 8.0, firmly placing it in the critical severity category.
To successfully exploit this weakness, a threat actor must send a specially crafted Remote Procedure Call (RPC) to an affected RPC host.
Because the system fails to validate this input properly, the attacker can trigger remote code execution on the server. Microsoft warns that this executed code will run with the same permissions as the RPC service, potentially allowing an attacker to manipulate Active Directory services, alter configurations, or compromise domain security.
While the vulnerability is critical, Microsoft notes that the attack is low-complexity and requires no user interaction to succeed. However, the threat is somewhat contained by its specific network requirements.
The vulnerability features an “Adjacent” attack vector (AV:A). This means the attack surface is restricted and cannot be reached directly from the broader internet.
To exploit the flaw, an authenticated attacker must already maintain a presence within the same restricted Active Directory domain as the target system.
While this prevents opportunistic internet-wide scanning, it remains a highly valuable tool for insider threats or attackers who have already breached the perimeter and are attempting lateral movement across the network.
According to Microsoft, there is no evidence of active exploitation in the wild, and the maturity of the exploit code remains unproven. The flaw was discovered and reported to Microsoft by security researcher Aniq Fakhrul.
Microsoft has released cumulative updates and monthly rollups to address the vulnerability across all supported versions of Windows Server.
The fix is required for both standard installations and Server Core environments. System administrators should immediately deploy the following security updates based on their operating system:
The post Windows Active Directory Vulnerability Allow Attackers to Execute Malicious Code appeared first on Cyber Security News.