Skip to main content
World Today News
  • Home
  • News
  • World
  • Sport
  • Entertainment
  • Business
  • Health
  • Technology
Menu
  • Home
  • News
  • World
  • Sport
  • Entertainment
  • Business
  • Health
  • Technology

Critical Windows Netlogon Vulnerability (CVSS 9.8-10.0) Exploited in Active Attacks

June 3, 2026 Rachel Kim – Technology Editor Technology

Microsoft has confirmed that a critical vulnerability in its Windows Netlogon protocol—assigned a maximum CVSS score of 9.8—has been actively exploited since June 2, 2024, according to multiple independent security reports and internal advisories. The flaw, identified as CVE-2024-38080, allows attackers to escalate privileges and execute arbitrary code on domain controllers running Windows Server, with some sources reporting a separate but related flaw (CVE-2024-38076) carrying a CVSS score of 10.0. The disclosure comes as Microsoft races to patch the issue amid evidence of real-world attacks, while users of Windows 11 face additional complications from conflicting updates that have triggered storage errors.

The Netlogon vulnerability, which affects Windows Server 2019, 2022, and multi-domain environments, is being exploited to compromise Active Directory environments, according to security researchers who have observed malicious actors leveraging the flaw to move laterally within corporate networks. Microsoft’s security response team has issued emergency patches, but the rollout has been complicated by a separate issue: Windows 11 users installing the latest cumulative update (KB5089549) have reported system crashes and storage corruption tied to the EFI partition, a low-level firmware area critical to boot processes. The problem has forced Microsoft to adjust its update deployment strategy, though no official statement has confirmed whether the Netlogon patches are directly linked to the storage errors.

Security firms tracking the exploit note that the attacks are highly targeted, focusing on organizations with exposed domain controllers. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2024-38080 to its Known Exploited Vulnerabilities Catalog on June 10, urging federal agencies to apply patches immediately. However, the agency has not disclosed whether private-sector victims have been identified, and Microsoft has not provided a public count of affected systems. The silence contrasts with the company’s usual transparency in major breach events, such as the 2021 Exchange Server attacks.

Meanwhile, Windows 11 users encountering the EFI partition issue—where updates fail due to insufficient storage in the system’s firmware reserve—have been advised to manually expand the partition or delay installations until Microsoft releases a corrected build. The problem stems from a design change in recent updates that reduces the available space for the EFI partition, a requirement for secure boot processes. While Microsoft has acknowledged the issue in its support forums, no timeline has been provided for a permanent fix, leaving administrators in a limbo between applying critical security patches and risking system instability.

Windows Server

The dual crises—active exploitation of a zero-day and update-induced storage failures—highlight the escalating pressure on Microsoft’s patch management system. The company has historically faced criticism for delayed responses to critical vulnerabilities, though recent improvements in its vulnerability disclosure program have been noted by industry analysts. For now, organizations relying on Windows Server are advised to prioritize the Netlogon patches, while Windows 11 users must weigh the risks of delayed updates against the potential for further system disruptions.

Microsoft has not commented on whether the Netlogon exploit is linked to state-sponsored actors, though security researchers speculate that the sophistication of the attacks suggests a highly resourced threat group. The company’s security blog has not yet published a detailed analysis of the exploit, leaving technical specifics—such as the attack chain or indicators of compromise—unconfirmed. As of June 12, no major organizations have publicly disclosed breaches tied to the vulnerability, though internal investigations remain ongoing in multiple sectors.

Share this:

  • Share on Facebook (Opens in new window) Facebook
  • Share on X (Opens in new window) X

Related

Search:

World Today News

World Today News is your trusted source for global journalism — breaking headlines, in-depth analysis, and reporting from around the world.

Quick Links

  • Privacy Policy
  • About Us
  • Accessibility statement
  • California Privacy Notice (CCPA/CPRA)
  • Contact
  • Cookie Policy
  • Disclaimer
  • DMCA Policy
  • Do not sell my info
  • EDITORIAL TEAM
  • Terms & Conditions

Browse by Location

  • GB
  • NZ
  • US

Connect With Us

© 2026 World Today News. All rights reserved. Your trusted global news source directory.
For contact, advertising, copyright, issues email: [email protected]

Privacy Policy Terms of Service