Windows Server WSUS bug exploits underway, Microsoft's mum

"Plus, there's at least one proof-of-concept attack floating around in cyberspace, and it only takes one specially crafted request to exploit the bug for full system takeover - so we know what Microsoft admins are doing this weekend. The vulnerability, tracked as CVE-2025-59287 and serious enough to receive a 9.8 out of 10 CVSS score, affects Windows Server versions 2012 through 2025. It stems from insecure deserialization of untrusted data and allows unauthenticated attackers to execute arbitrary code on vulnerable systems."
"Security researcher Kevin Beaumont said he poked holes in the out-of-band update in the lab, and after achieving remote code execution, "I was able to tamper with the updates offered to the clients and push out malicious updates to said clients ... I don't want to detail too much to prevent ransomware groups going nuts, but you can lift prior research and adapt it easily to add fake updates for clients.""
An unauthenticated remote code execution vulnerability in Windows Server Update Services (CVE-2025-59287) has a CVSS score of 9.8 and affects Windows Server 2012 through 2025. The flaw originates from insecure deserialization of untrusted data and allows attackers to execute arbitrary code with a single specially crafted request. At least one proof-of-concept exploit is public, and active exploitation has been reported. Microsoft released an initial Patch Tuesday fix that proved incomplete and later issued an emergency update. Testing showed the emergency patch can be bypassed to tamper with WSUS updates and push malicious payloads. CISA added the vulnerability to its Known Exploited Vulnerabilities catalog, and Dutch authorities issued an alert.
Read at Theregister