| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| CVE-2026-47288 | Windows Kerberos Key Distribution Center (KDC) Remote Code Execution | Windows Server | Critical | 01-07-2026 |
Technical Information
An authenticated attacker can exploit an integer overflow vulnerability by sending specially crafted Kerberos authentication data to a domain controller, causing the affected component to incorrectly handle memory and enabling remote code execution on the domain controller without requiring user interaction.
Patch release date: Jun 09, 2026
Further information on this vulnerability is available at : CVE-2026-47288
Affected Software
Windows Server 2019,Windows Server 2019 (Server Core installation),
Windows Server 2022,
Windows Server 2022 (Server Core installation),
Windows Server 2025 (Server Core installation),
Windows Server 2025,
Windows Server 2016,
Windows Server 2016 (Server Core installation),
Windows Server 2012,
Windows Server 2012 (Server Core installation),
Windows Server 2012 R2,
Windows Server 2012 R2 (Server Core installation)