🔴 A critical Windows Netlogon flaw is being actively exploited… and it goes straight for domain controllers

If you manage Windows Server domain controllers for clients, this needs attention today.

CVE-2026-41089 is a CVSS 9.8 stack-based buffer overflow in Windows Netlogon, the service that handles authentication across every Windows domain environment. Belgium’s national cybersecurity authority confirmed active exploitation on Friday. An attacker sends a specially created network request to a domain controller and can execute arbitrary code remotely without authentication. BleepingComputer

Security researchers say this flaw is a fast path to forest-wide takeover. Every domain controller, every account, and every client site that shares the same domain.

Microsoft disclosed the vulnerability on May 12 and originally rated exploitation as “less likely.” Active exploitation has now been confirmed. The official fix arrives with June Patch Tuesday on June 10 (eight days away).

Given what’s at stake, waiting is not recommended. Acros Security has released micropatches for legacy Windows Server versions (2008 R2, 2012, 2012 R2) for environments that can’t wait. Watch for unusual Netlogon service crashes, unexpected authentication failures, and anomalous domain trust errors as potential signs of exploitation. Help Net Security

🟡 Dutch police just took a 17 million-device botnet offline… did some of those devices belong to your clients' employees?

The Dutch National Police and NCSC announced last week they had dismantled Asocks, a massive residential proxy botnet running across 17 million compromised consumer devices globally. BleepingComputer

A residential proxy botnet works by silently enslaving ordinary consumer devices such as home routers, smartphones, IoT equipment. And then routing criminal traffic through them. The result: cyberattacks appear to originate from legitimate residential IP addresses, bypassing IP reputation filters and making detection significantly harder.

🟢 MSP Global is heading back to Barcelona in October… and it's taking over a theme park again

MSP Global 2026 returns to PortAventura theme park near Barcelona on October 21-22. 3,000+ MSPs and MSSPs will be there, for what the organisers describe as “the best parties the industry has ever seen.”

This year’s theme is “Serve Your Ecosystem”, focused on how MSPs can actively support and strengthen their wider partner and client ecosystems through AI, cybersecurity, compliance, and growth strategies. MSP Global

If you subscribe to their newsletter you can get a free registration code, saving €399 on the standard attendee pass.

Rollercoasters and business growth. There are worse ways to spend two days.

That’s your lot for Tuesday. We’ll be back in your inbox tomorrow morning.