Windows Active Directory Vulnerability Allows Malicious Code


Emy Elsamnoudy
April 15, 2026

Microsoft has released urgent security updates addressing a critical vulnerability in Windows Active Directory. This flaw enables attackers to execute malicious code.

Disclosed on April 14, 2026, the vulnerability poses a significant risk to enterprise networks by potentially granting threat actors deep access to core identity and access management servers. Microsoft urges administrators to apply the official fixes immediately.

Tracked as CVE-2026-33826, the security flaw originates from improper input validation (CWE-20) within the Windows Active Directory infrastructure.

According to Microsoft’s security advisory, the vulnerability carries a Common Vulnerability Scoring System (CVSS) base score of 8.0, firmly placing it in the critical severity category.

To successfully exploit this weakness, a threat actor must send a specially crafted Remote Procedure Call (RPC) to an affected RPC host.

Windows Active Directory Vulnerability

Because the system fails to validate this input properly, the attacker can trigger remote code execution on the server. Microsoft warns that this executed code will run with the same permissions as the RPC service, potentially allowing an attacker to manipulate Active Directory services, alter configurations, or compromise domain security.

While the vulnerability is critical, Microsoft notes that the attack is low-complexity and requires no user interaction to succeed. However, the threat is somewhat contained by its specific network requirements.

The vulnerability features an “Adjacent” attack vector (AV:A). This means the attack surface is restricted and cannot be reached directly from the broader internet.

To exploit the flaw, an authenticated attacker must already maintain a presence within the same restricted Active Directory domain as the target system.

While this prevents opportunistic internet-wide scanning, it remains a highly valuable tool for insider threats or attackers who have already breached the perimeter and are attempting lateral movement across the network.

According to Microsoft, there is no evidence of active exploitation in the wild, and the maturity of the exploit code remains unproven. The flaw was discovered and reported to Microsoft by security researcher Aniq Fakhrul.

Microsoft has released cumulative updates and monthly rollups to address the vulnerability across all supported versions of Windows Server.

The fix is required for both standard installations and Server Core environments. System administrators should immediately deploy the following security updates based on their operating system:

  • Windows Server 2012 R2 (KB5082126)
  • Windows Server 2016 (KB5082198)
  • Windows Server 2019 (KB5082123)
  • Windows Server 2022, including 23H2 Edition (KB5082142 and KB5082060)
  • Windows Server 2025 (KB5082063)
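To confirm deployment, the following added example (not from Microsoft or the original article) reports, for each domain controller, whether one of the KBs listed above is installed. It assumes the ActiveDirectory RSAT module, remote CIM access to each DC, and that the OS caption contains the release name; `Get-DcPatchStatus` is a hypothetical helper name.

```powershell
# Added example: check domain controllers for the KBs listed in the article.
Import-Module ActiveDirectory

# KB numbers exactly as listed in the article, keyed by a substring of the OS caption.
# Assumption: Win32_OperatingSystem.Caption contains the release name used as the key.
$KbByRelease = [ordered]@{
    '2012 R2' = @('KB5082126')
    '2016'    = @('KB5082198')
    '2019'    = @('KB5082123')
    '2022'    = @('KB5082142', 'KB5082060')   # either one counts as a match
    '2025'    = @('KB5082063')
}

function Get-DcPatchStatus {
    param([Parameter(Mandatory)][string]$ComputerName)

    $row = [ordered]@{ Computer = $ComputerName; OS = $null; Expected = $null; Installed = $null; Status = $null }
    try {
        $os = Get-CimInstance -ClassName Win32_OperatingSystem -ComputerName $ComputerName -ErrorAction Stop
        $installedIds = @(Get-CimInstance -ClassName Win32_QuickFixEngineering -ComputerName $ComputerName -ErrorAction Stop |
            Select-Object -ExpandProperty HotFixID)
    } catch {
        $row.Status = 'Unreachable'          # treat as unknown, never as patched
        return [pscustomobject]$row
    }

    $row.OS = $os.Caption
    $release = $KbByRelease.Keys | Where-Object { $os.Caption -like "*$_*" } | Select-Object -First 1
    if (-not $release) {
        $row.Status = 'NoKbListedForThisOS'  # e.g. a caption that matches no key above
        return [pscustomobject]$row
    }

    $expected = $KbByRelease[$release]
    $found = @($expected | Where-Object { $installedIds -contains $_ })
    $row.Expected  = $expected -join ', '
    $row.Installed = $found -join ', '
    # Cumulative updates are superseded by later ones, so a missing KB on a host
    # that has a newer cumulative update needs a manual check, not an alarm.
    $row.Status = if ($found.Count -gt 0) { 'ListedKbInstalled' } else { 'ListedKbMissing' }
    [pscustomobject]$row
}

Get-ADDomainController -Filter * |
    ForEach-Object { Get-DcPatchStatus -ComputerName $_.HostName } |
    Sort-Object Status |
    Format-Table -AutoSize
```

The script only covers domain controllers; the article states the fix applies to all supported Windows Server versions, so other servers need the same check through the patch-management inventory.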
