Topic: wsus vulnerability
-
Skuld Infostealer Exploits WSUS Flaw (CVE-2025-59287)
A critical remote code execution vulnerability (CVE-2025-59287) in Windows Server Update Services (WSUS) is being actively exploited, allowing attackers to install information-stealing malware on unpatched systems. The flaw stems from unsafe deserialization of untrusted data, enabling unauthentic...
Read More » -
Urgent Microsoft WSUS Flaw Actively Exploited After Patch
A severe security vulnerability (CVE-2025-59287) in Microsoft's WSUS allows unauthenticated remote code execution with SYSTEM privileges, prompting an urgent out-of-band patch due to incomplete initial fixes. The flaw arises from unsafe deserialization via BinaryFormatter in the `GetCookie()` end...
Read More » -
Active Attacks Exploit Critical WSUS Flaw in Windows Server
Actively exploited critical vulnerabilities (CVE-2025-59287) in Windows Server Update Services (WSUS) allow remote code execution and system takeover, requiring immediate emergency patching. Microsoft has released out-of-band security updates for all affected Windows Server versions and recommend...
Read More » -
Urgent: Actively Exploited WSUS Bug Now on CISA KEV List
A critical security flaw (CVE-2025-59287) in Windows Server Update Services (WSUS) allows unauthenticated attackers to execute remote code with system privileges by exploiting the GetCookie() endpoint. The vulnerability is under active exploitation, prompting urgent patching by Microsoft and incl...
Read More » -
Google: Microsoft WSUS Attacks Strike Multiple Organizations
A critical remote code execution vulnerability (CVE-2025-59287) in Microsoft's WSUS is being actively exploited, affecting Windows Server versions from 2012 to 2025, despite an emergency patch being released after initial fixes failed. Exploitation involves unauthenticated attackers running arbit...
Read More » -
CISA Urges Immediate Patch for Critical Windows Server Flaw
A critical remote code execution vulnerability (CVE-2025-59287) in Windows Server Update Services (WSUS) allows attackers to gain full SYSTEM-level control without user interaction, posing a severe threat to organizational networks. CISA has mandated federal agencies to patch the flaw within thre...
Read More » -
Microsoft WSUS Patch Disables Windows Server Hotpatching
Microsoft's emergency security update KB5070881, intended to fix a critical remote code execution vulnerability (CVE-2025-59287), inadvertently disrupted hotpatching on some Windows Server 2025 systems, forcing them to require restarts for updates. The update was quickly blocked for hotpatch-enab...
Read More » -
Urgent WSUS Vulnerability: Patch Windows Server Now
A critical security flaw (CVE-2025-59287) in Microsoft's WSUS allows unauthorized remote code execution with system-level privileges, affecting multiple Windows Server versions. The vulnerability stems from the deserialization of untrusted data, enabling attackers to fully compromise servers, pro...
Read More » -
October 2025 Patch Tuesday: Final Windows 10 Updates
Microsoft's October 2025 Patch Tuesday marks the final scheduled update for Windows 10, addressing 172 security vulnerabilities including two actively exploited zero-day flaws. Critical vulnerabilities include remote code execution bugs in Microsoft Office's Preview Pane and Windows Server Update...
Read More »