美国网络安全与基础设施安全局(CISA)向全球组织发出警告,微软Windows Server Update Services(WSUS)中存在一个正被积极利用的关键远程代码执行(RCE)漏洞。
该漏洞利用了 GetCookie 端点中的遗留序列化机制,其中加密的 AuthorizationCookie 对象使用 AES-128-CBC 解密,并通过 BinaryFormatter 反序列化,无需类型验证,从而为整个系统接管打开了大门。
The Cybersecurity and Infrastructure Security Agency (CISA) ordered U.S. government agencies to patch a critical-severity ...
You have been warned. The latest Windows attacks have already started, and Microsoft has issued an emergency update. Here’s ...
Microsoft has released out-of-band (OOB) security updates to patch a critical-severity Windows Server Update Service (WSUS) ...
Microsoft has issued an emergency Windows server security patch to fix a critical severity flaw apparently abused in the wild ...
Security researchers are warning that cyber threat actors are abusing a critical vulnerability in Microsoft Windows Server ...
Overview Recently, NSFOCUS CERT detected that Microsoft released a security update that fixed the Windows Server Update Service (WSUS) remote code execution vulnerability (CVE-2025-59287); Because ...
The Register on MSN
Everybody's warning about critical Windows Server WSUS bug exploits ... but Microsoft's mum
Critical 9.8-rated vulnerability affects Windows Server 2012 - 2025 Governments and private security sleuths warned that ...
Admins are urged to immediately patch actively exploited vulnerabilities, including those in the legacy Agere modem driver in ...
Microsoft confirms Kerberos and NTLM login failures in Windows 11 24H2, 25H2, and Server 2025 due to duplicate SIDs after ...
Microsoft has confirmed that a new bug in Windows Server 2025 causes directory sync failures for AD groups with over 10,000 ...
一些您可能无法访问的结果已被隐去。
显示无法访问的结果
反馈