Tag: update
-
Dringend patchen: Windows-Server werden über WSUS-Lücke attackiert
Angreifer können unter anderem manipulierte Windows-Updates einschleusen und diese an Clients verteilen lassen. Admins sollten schnell handeln. First seen on golem.de Jump to article: www.golem.de/news/dringend-patchen-windows-server-werden-ueber-wsus-luecke-attackiert-2510-201545.html
-
Microsoft Adds WiBased Work Location Auto-Detection to Teams
Microsoft is preparing to introduce a groundbreaking feature in Teams that will revolutionise how hybrid workers manage their presence information. The new capability will automatically identify and update users’ work locations by detecting their connection to organisational Wi-Fi networks, eliminating the need for manual status updates. Scheduled for deployment in December 2025, this opt-in functionality…
-
NDSS 2025 Rediscovering Method Confusion in Proposed Security Fixes for Bluetooth
Authors, Creators & Presenters: Maximilian von Tschirschnitz (Technical University of Munich), Ludwig Peuckert (Technical University of Munich), Moritz Buhl (Technical University of Munich), Jens Grossklags (Technical University of Munich) Session 1A, PAPER Rediscovering Method Confusion in Proposed Security Fixes for Bluetooth Previous works have shown that Bluetooth is susceptible to so-called Method Confusion attacks. These…
-
CISA Beware! Hackers Are Actively Exploiting Windows Server Update Services RCE Flaw in the Wild
Tags: attack, cisa, cve, cyber, cybersecurity, exploit, flaw, hacker, microsoft, rce, remote-code-execution, service, update, vulnerability, windowsCybersecurity researchers are sounding the alarm after discovering that hackers are actively exploiting a critical remote code execution (RCE) vulnerability in Microsoft’s Windows Server Update Services (WSUS). The flaw, tracked as CVE-2025-59287, allows unauthenticated attackers to run arbitrary code on vulnerable servers, and evidence suggests that these attacks are being carried out manually, a technique…
-
CVE-2025-59287: Microsoft fixes critical WSUS flaw under active attack
Microsoft released urgent updates to address the critical WSUS RCE vulnerability CVE-2025-59287, which is under active attack.. Microsoft released an out-of-band fix for CVE-2025-59287, a critical WSUS RCE flaw (CVSS 9.8) that is under active exploitation. Researchers MEOW and Markus Wulftange of CODE WHITE GmbH reported the vulnerability. >>To comprehensively address CVE-2025-59287, Microsoft has released…
-
Windows Server: OutBand Updates für WSUS-Schwachstelle CVE-2025-59287 (23.10.2025)
Es gibt ein Out-of-Band Update KB5070883 für Windows Server 2019, welches Microsoft zum 23. Oktober 2025 bereitgestellt hat. Ziel dieses Notfall-Updates ist es, eine kritische Schwachstelle in WSUS zu schließen. Die Remote Execution-Schwachstelle CVE-2025-59287 wurde mit einem CVSS-Score von 9.8 … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/10/24/windows-server-2019-out-of-band-update-kb5070883-fuer-wsus-schwachstelle/
-
Hackers exploiting critical vulnerability in Windows Server Update Service
Microsoft has issued an out-of-band update and is urging users to immediately apply the patch. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/hackers-exploiting-critical-vulnerability-windows-server-update-service/803810/
-
Microsoft Issues Emergency Patch for Critical Windows Server Bug
Microsoft initially fixed CVE-2025-59287 in the WSUS update mechanism in the October 2025 Patch Tuesday release, but the company has now issued a second, out-of-band update for the flaw, which is under attack in the wild. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/microsoft-emergency-patch-windows-server-bug
-
Newly Patched Critical Microsoft WSUS Flaw Comes Under Active Exploitation
Microsoft on Thursday released out-of-band security updates to patch a critical-severity Windows Server Update Service (WSUS) vulnerability with a proof-of-concept (Poc) exploit publicly available and has come under active exploitation in the wild.The vulnerability in question is CVE-2025-59287 (CVSS score: 9.8), a remote code execution flaw in WSUS that was originally fixed by the tech…
-
How AutoSecT Automates Android App Security Testing?
Think of your smartphones as digital vaults”, guarding your secrets, finances, and digital life within the confines of mobile apps. But even a single vulnerability can let attackers waltz right in. With threats emerging as frequently as taps, swipes, and updates, Android app security testing has become a high-stakes game you simply can’t afford to…
-
Critical WSUS flaw in Windows Server now exploited in attacks
Attackers are now exploiting a critical-severity Windows Server Update Service (WSUS) vulnerability, which already has publicly available proof-of-concept exploit code. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-now-exploiting-critical-windows-server-wsus-flaw-in-attacks/
-
Microsoft Issues Emergency Patch for Actively Exploited Critical WSUS Vulnerability
Microsoft on Thursday released out-of-band security updates to patch a critical-severity Windows Server Update Service (WSUS) vulnerability with a proof-of-concept (Poc) exploit publicly available and has come under active exploitation in the wild.The vulnerability in question is CVE-2025-59287 (CVSS score: 9.8), a remote code execution flaw in WSUS that was originally fixed by the tech…
-
Windows Server 2019: OutBand Updates KB5070883 für WSUS-Schwachstelle (23.10.2025)
Es gibt ein Out-of-Band Update KB5070883 für Windows Server 2019, welches Microsoft zum 23. Oktober 2025 bereitgestellt hat. Ziel dieses Notfall-Updates ist es, eine kritische Schwachstelle in WSUS zu schließen. Die Remote Execution-Schwachstelle CVE-2025-59287 wurde mit einem CVSS-Score von 9.8 … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/10/24/windows-server-2019-out-of-band-update-kb5070883-fuer-wsus-schwachstelle/
-
Researchers warn of critical flaws in TP-Link routers
No active exploitation has been spotted, but the vendor and researchers advise users to apply updates immediately.; First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/researchers-warn-critical-flaws-tp-link-routers/803744/
-
Microsoft drops surprise Windows Server patch before weekend downtime
You didn’t have plans, did you? First seen on theregister.com Jump to article: www.theregister.com/2025/10/24/windows_server_patch/
-
Microsoft Issues Emergency Patch for Critical WSUS Remote Code Execution Flaw (CVE-2025-59287)
Microsoft has released an urgent out-of-band security update to address a severe remote code execution (RCE) vulnerability in Windows Server Update Services (WSUS). The flaw, tracked as CVE-2025-59287, poses a direct risk to organizations that utilize WSUS to manage Windows updates across their IT infrastructure. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/microsoft-fixes-cve-2025-59287/
-
Microsoft Issues Emergency Patch for Critical WSUS Remote Code Execution Flaw (CVE-2025-59287)
Microsoft has released an urgent out-of-band security update to address a severe remote code execution (RCE) vulnerability in Windows Server Update Services (WSUS). The flaw, tracked as CVE-2025-59287, poses a direct risk to organizations that utilize WSUS to manage Windows updates across their IT infrastructure. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/microsoft-fixes-cve-2025-59287/
-
Windows Server 2019: OutBand Update KB5070883 für WSUS-Schwachstelle (23.10.2025)
Es gibt ein Out-of-Band Update KB5070883 für Windows Server 2019, welches Microsoft zum 23. Oktober 2025 bereitgestellt hat. Ziel dieses Notfall-Updates ist es, eine kritische Schwachstelle in WSUS zu schließen. Die Remote Execution-Schwachstelle CVE-2025-59287 wurde mit einem CVSS-Score von 9.8 … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/10/24/windows-server-2019-out-of-band-update-kb5070883-fuer-wsus-schwachstelle/
-
Microsoft releases urgent fix for actively exploited WSUS vulnerability (CVE-2025-59287)
Microsoft has released an out-of-band security update that >>comprehensively
-
Microsoft blocks risky file previews in Windows File Explorer
Along with fixing many code-based vulnerabilities, the October 2025 Windows updates also change how File Explorer handles files downloaded from the internet. The change … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/24/microsoft-blocks-risky-file-previews-in-windows-file-explorer/
-
Microsoft blocks risky file previews in Windows File Explorer
Along with fixing many code-based vulnerabilities, the October 2025 Windows updates also change how File Explorer handles files downloaded from the internet. The change … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/24/microsoft-blocks-risky-file-previews-in-windows-file-explorer/
-
Microsoft blocks risky file previews in Windows File Explorer
Along with fixing many code-based vulnerabilities, the October 2025 Windows updates also change how File Explorer handles files downloaded from the internet. The change … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/24/microsoft-blocks-risky-file-previews-in-windows-file-explorer/
-
Windows Server emergency patches fix WSUS bug with PoC exploit
Microsoft has released out-of-band (OOB) security updates to patch a critical-severity Windows Server Update Service (WSUS) vulnerability with publicly available proof-of-concept exploit code. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-releases-windows-server-emergency-updates-for-critical-wsus-rce-flaw/
-
Microsoft Releases Urgent Fix for Windows Server Update Services RCE FLaw
Microsoft has released a critical security patch to address a severe remote code execution vulnerability affecting Windows Server Update Services (WSUS). The flaw, tracked as CVE-2025-59287, poses an immediate threat to organizations managing Windows updates across their infrastructure. Attribute Details CVE ID CVE-2025-59287 Released October 14, 2025 Last Updated October 23, 2025 Vulnerability Type Remote…
-
Skript dreht durch: Update-Panne wirft HP-Nutzer aus Microsoft-Umgebungen
Ein per Update für HP Oneagent verteiltes Powershell-Skript hat gravierende Folgen. Es löscht wild und ohne Rückfrage teils wichtige Zertifikate. First seen on golem.de Jump to article: www.golem.de/news/skript-dreht-durch-update-panne-wirft-hp-nutzer-aus-microsoft-umgebungen-2510-201495.html
-
Ransomware recovery perils: 40% of paying victims still lose their data
Tags: access, attack, authentication, backup, breach, business, ceo, crypto, cyber, cybersecurity, data, data-breach, encryption, extortion, finance, GDPR, group, incident response, insurance, leak, mfa, privacy, ransom, ransomware, resilience, risk, risk-management, service, threat, updateAdditional recovery pressures: Modern ransomware attacks now routinely involve double or triple extortion whereby attackers threaten to leak stolen data or launch distributed denial of service (DDoS) attacks even after payment.This fundamentally changes the calculus on what victims can expect in cases where they decide to make a ransomware payment, which more often than not…
-
Ransomware recovery perils: 40% of paying victims still lose their data
Tags: access, attack, authentication, backup, breach, business, ceo, crypto, cyber, cybersecurity, data, data-breach, encryption, extortion, finance, GDPR, group, incident response, insurance, leak, mfa, privacy, ransom, ransomware, resilience, risk, risk-management, service, threat, updateAdditional recovery pressures: Modern ransomware attacks now routinely involve double or triple extortion whereby attackers threaten to leak stolen data or launch distributed denial of service (DDoS) attacks even after payment.This fundamentally changes the calculus on what victims can expect in cases where they decide to make a ransomware payment, which more often than not…
-
Microsoft Boosts Windows Security by Disabling File Previews for Downloads
Microsoft has rolled out a significant security enhancement to Windows File Explorer, automatically disabling the preview pane for files downloaded from the internet as part of security updates released on and after October 14, 2025. This proactive measure targets a long-standing vulnerability that attackers have exploited to harvest NTLM hashes and sensitive credentials used for…
-
Keeping Up with Cloud Security: Updates to Our AWS Assessments
AttackIQ has enhanced and expanded two AWS security assessments, by introducing nine new scenarios that emulate real-world techniques and tactics that could be used by threat actors to compromise AWS cloud environments. These updates are designed to provide a more comprehensive evaluation of your AWS cloud security posture by covering a broader range of attack…