Intrusion PreventionMS.Windows.CVE-2026-33826.Remote.Code.Execution
Description
This indicates an attack attempt to exploit a Remote Code Execution Vulnerability in Microsoft Windows Active Directory.
The vulnerability is due to insufficient validation while handling packets. A remote attacker could exploit this vulnerability by sending maliciously crafted packets to a target system. Successful exploitation could lead to arbitrary code execution in the kernel system.
Affected Products
Microsoft Windows Server 2019
Microsoft Windows Server 2019 (Server Core installation)
Microsoft Windows Server 2022
Microsoft Windows Server 2022 (Server Core installation)
Microsoft Windows Server 2025 (Server Core installation)
Microsoft Windows Server 2022, 23H2 Edition (Server Core installation)
Microsoft Windows Server 2025
Microsoft Windows Server 2016
Microsoft Windows Server 2016 (Server Core installation)
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2012 R2 (Server Core installation)
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33826
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Status | Detail |
|---|---|---|---|
| 2026-04-15 | 36.202 |
New
|
| ID | 60685 |
| Created | Apr 15, 2026 |
| Updated | Apr 15, 2026 |
| CVE ID | |
| Risk |
|
| Exploit Prediction Score | 0.38% |
| Default Action | pass |
| Active | |
| Affected OS | Windows |
| Affected App | Other |
| Profile Type | Code Injection |