(Image credit: Getty Images) The Great Exploitation of 2026 continues apace, with security vulnerabilities being published at an alarming rate, and more often than not, being exploited in the wild almost before anyone has any time to react. Today, Microsoft in the unfortunate limelight, with a 9.8-rated remote execution vulnerability affecting Windows Server domain controllers (DC), versions 2012 to current. The exploit and its explanation are simple: any unauthenticated user in the same network can send a malformed UDP packet to a DC and potentially get system access — no previous access required. Even if an attacker doesn't go that far, it's trivial for anyone to force the DC to reboot, creating potential denial-of-service scenarios. The vulnerability is CVE-2026-41089 , and it's mercifully not a zero-day this time. The vulnerable service is Netlogon, and there's apparently no mitigation, with the only solution being to patch the affected systems.…