Analysis of an RCE Vulnerability in Windows DNS Client (CVE-2026-41096)

The author describes a critical vulnerability in the Windows DNS client (CVE-2026-41096) that leads to remote code execution. The vulnerability affects a low-level DNS handling mechanism via the DnsQueryRaw API, which allows applications to send raw DNS queries and receive responses without standard normalization and filtering.
Exploitation is possible through control or interception of DNS traffic (e.g., via MITM, compromised DNS servers, or malicious Wi-Fi). The attack vector requires no user interaction: triggering a DNS request to a crafted domain is sufficient. Because DNS queries are handled by a system service, the attack executes in the context of a highly privileged process, potentially allowing escalation to SYSTEM level.
Vulnerabilities: 10 CVE-2026-41096
Vendors: Microsoft
Products: DnsQueryRaw API, Windows DNS Client
Published: 2026-06-08, 08:32