security detection kql
CVE-2026-41089: the Netlogon packet that reboots your domain controller
A pre-auth Windows Netlogon stack overflow (CVSS 9.8), exploited in the wild — why the popular Defender hunt watches the wrong port, and KQL for the real CLDAP path.
7 min read