WSUS RCE
CVE-2025-59287, which may permit distant code execution (RCE) within the Home windows Server Replace Service (WSUS). It was assigned a CVSSv3 rating of 9.8 and rated vital, and has been assessed as ‘Exploitation Extra Seemingly’ based on Microsoft’s Exploitability Index. An attacker may exploit this vulnerability to achieve RCE by sending a crafted occasion that results in a deserialization of untrusted knowledge.
That is simply the third WSUS vulnerability patched as a part of Microsoft Patch Tuesday since 2023, Tenable factors out. However it’s the primary RCE and the primary to be assessed as extra prone to be exploited.
“This vulnerability requires instant CISO consideration as a result of it will probably compromise your total patch administration infrastructure,” mentioned Mike Walters, president of Action1. “It’s a vital deserialization flaw (CVSS 9.8) in WSUS that threatens the system liable for distributing security patches throughout the group.
Past performing pressing patching, groups ought to assessment patch administration structure and the community publicity of WSUS servers, he added. A compromised WSUS setting may permit attackers to deploy malicious “updates” to all managed endpoints, posing an existential risk to organizational security;
Microsoft Workplace RCE
CVE-2025-59227 and CVE-2025-59234, two vital distant code execution vulnerabilities in Microsoft Workplace.
An attacker may exploit these flaws by means of social engineering by sending a malicious Microsoft Workplace doc file to an meant goal, says Tenable. Profitable exploitation would grant code execution privileges to the attacker.
These bugs make the most of “Preview Pane,” which means that the goal doesn’t even must open the file for exploitation to happen. To execute these flaws, an attacker would social engineer a goal into previewing an e-mail with a malicious Microsoft Workplace doc hooked up.
Tenable additionally notes that regardless of being flagged as ‘Much less Seemingly’ to be exploited, Microsoft says that the Preview Pane is an assault vector for each CVEs, which suggests exploitation doesn’t require the goal to open the file.
Agere modem driver flaws
Regardless of these vulnerabilities being rated vital, Satnam Narang, senior employees analysis engineer at Tenable, believes the 2 most notable vulnerabilities this month are in Agere Modem, a third-party modem driver that has been included in Home windows working programs for nearly 20 years.
