#cve202641096 — Public Fediverse posts

Hunting CVE-2026-41096 (Windows DNS Client RCE, CVSS 9.8) in Advanced Hunting?

DeviceProcessEvents
| where Timestamp > ago(7d)
| where InitiatingProcessFileName =~ "svchost.exe"
| where InitiatingProcessCommandLine has_any ("dnscache", "NetworkService")
| where FileName !in~ ("conhost.exe", "WerFault.exe", "wermgr.exe")
| project Timestamp, DeviceName, FileName, ProcessCommandLine
| order by Timestamp desc

#CVE202641096 #KQL #ThreatHunting #MDE

Hunting CVE-2026-41096 (Windows DNS Client RCE, CVSS 9.8) in Advanced Hunting?

DeviceProcessEvents
| where Timestamp > ago(7d)
| where InitiatingProcessFileName =~ "svchost.exe"
| where InitiatingProcessCommandLine has_any ("dnscache", "NetworkService")
| where FileName !in~ ("conhost.exe", "WerFault.exe", "wermgr.exe")
| project Timestamp, DeviceName, FileName, ProcessCommandLine
| order by Timestamp desc

#CVE202641096 #KQL #ThreatHunting #MDE

Hunting CVE-2026-41096 (Windows DNS Client RCE, CVSS 9.8) in Advanced Hunting?

DeviceProcessEvents
| where Timestamp > ago(7d)
| where InitiatingProcessFileName =~ "svchost.exe"
| where InitiatingProcessCommandLine has_any ("dnscache", "NetworkService")
| where FileName !in~ ("conhost.exe", "WerFault.exe", "wermgr.exe")
| project Timestamp, DeviceName, FileName, ProcessCommandLine
| order by Timestamp desc

#CVE202641096 #KQL #ThreatHunting #MDE

Hunting CVE-2026-41096 (Windows DNS Client RCE, CVSS 9.8) in Advanced Hunting?

DeviceProcessEvents
| where Timestamp > ago(7d)
| where InitiatingProcessFileName =~ "svchost.exe"
| where InitiatingProcessCommandLine has_any ("dnscache", "NetworkService")
| where FileName !in~ ("conhost.exe", "WerFault.exe", "wermgr.exe")
| project Timestamp, DeviceName, FileName, ProcessCommandLine
| order by Timestamp desc

#CVE202641096 #KQL #ThreatHunting #MDE

Hunting CVE-2026-41096 (Windows DNS Client RCE, CVSS 9.8) in Advanced Hunting?

DeviceProcessEvents
| where Timestamp > ago(7d)
| where InitiatingProcessFileName =~ "svchost.exe"
| where InitiatingProcessCommandLine has_any ("dnscache", "NetworkService")
| where FileName !in~ ("conhost.exe", "WerFault.exe", "wermgr.exe")
| project Timestamp, DeviceName, FileName, ProcessCommandLine
| order by Timestamp desc

#CVE202641096 #KQL #ThreatHunting #MDE

Microsoft Patches 138 Vulnerabilities, Including Critical DNS and Netlogon Flaws

Microsoft just patched a critical DNS flaw that could let hackers execute code on your network, along with 137 other vulnerabilities - so make sure to update ASAP! The update also includes a mandatory rollout of updated Secure Boot certificates to keep your system secure.

https://osintsights.com/microsoft-patches-138-vulnerabilities-including-critical-dns-and-netlogon-flaws?utm_source=mastodon&utm_medium=social

#WindowsDns #Cve202641096 #SecureBoot #Microsoft #PatchTuesday

Microsoft Patches 138 Vulnerabilities, Including Critical DNS and Netlogon Flaws

Microsoft just patched a critical DNS flaw that could let hackers execute code on your network, along with 137 other vulnerabilities - so make sure to update ASAP! The update also includes a mandatory rollout of updated Secure Boot certificates to keep your system secure.

https://osintsights.com/microsoft-patches-138-vulnerabilities-including-critical-dns-and-netlogon-flaws?utm_source=mastodon&utm_medium=social

#WindowsDns #Cve202641096 #SecureBoot #Microsoft #PatchTuesday