美国网络安全与基础设施安全局（CISA）向全球组织发出警告，微软Windows Server Update Services（WSUS）中存在一个正被积极利用的关键远程代码执行（RCE）漏洞。

Microsoft has released out-of-band (OOB) security updates to patch a critical-severity Windows Server Update Service (WSUS) ...

Microsoft has issued an emergency Windows server security patch to fix a critical severity flaw apparently abused in the wild ...

The Cybersecurity and Infrastructure Security Agency issued updated guidance on a critical vulnerability in Windows Server ...

该漏洞利用了 GetCookie 端点中的遗留序列化机制，其中加密的 AuthorizationCookie 对象使用 AES-128-CBC 解密，并通过 BinaryFormatter 反序列化，无需类型验证，从而为整个系统接管打开了大门。

Security researchers are warning that cyber threat actors are abusing a critical vulnerability in Microsoft Windows Server ...

Microsoft released out-of-band updates to patch the WSUS vulnerability CVE-2025-59287 and exploitation of the flaw was seen just hours later.

Two Windows vulnerabilities—one a zero-day that has been known to attackers since 2017 and the other a critical flaw that Microsoft initially tried and failed to patch recently—are under active ...

Critical 9.8-rated vulnerability affects Windows Server 2012 - 2025 Governments and private security sleuths warned that ...

Microsoft confirms Kerberos and NTLM login failures in Windows 11 24H2, 25H2, and Server 2025 due to duplicate SIDs after ...

Microsoft has confirmed that a new bug in Windows Server 2025 causes directory sync failures for AD groups with over 10,000 ...

Microsoft has confirmed that Windows updates released since August 29, 2025, are breaking authentication on systems sharing ...