28 matches found
CVE-2026-32224
Use after free in Windows Server Update Service allows an authorized attacker to elevate privileges locally...
CVE-2026-32224
Use after free in Windows Server Update Service allows an authorized attacker to elevate privileges locally...
Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability
Use after free in Windows Server Update Service allows an authorized attacker to elevate privileges locally...
Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Server Update Service allows an authorized attacker to elevate privileges locally...
Metasploit Wrap-Up 11/14/2025
It has “SUS” in the name, what did you expect? This week’s release features the much-hyped CVE-2025-59287, a Critical-Severity Windows Server Update Service WSUS vulnerability that allows for SYSTEM level remote code execution. Documented among the multiple recent zero-days in Windows, the...
Exploit for Deserialization of Untrusted Data in Microsoft
cve-2025-59287-exploit-poc CVE-2025-59287 is a critica...
The Bug Report - October 2025 Edition
The Bug Report – October 2025 Edition By Jonathan Omakun · October 31, 2025 Why am I here? Welcome to October's cybersecurity horror show, where the tricks are malicious and the treats are... Well, there aren't any treats. Just vulnerabilities that would make even the most seasoned security...
Microsoft Releases Out-of-Band Security Update to Mitigate Windows Server Update Service Vulnerability, CVE-2025-59287
Updated October 29, 2025 : CISA has updated this Alert to include revised information on vulnerable product identification, potential threat activity detections, and additional resources. Microsoft released an update to address a critical remote code execution vulnerability impacting Windows Serv...
Newly Patched Critical Microsoft WSUS Flaw Comes Under Active Exploitation
Microsoft on Thursday released out-of-band security updates to patch a critical-severity Windows Server Update Services WSUS vulnerability with a proof-of-concept Poc exploit publicly available and has come under active exploitation in the wild. The vulnerability in question is CVE-2025-59287 CVS...
EUVD-2025-20603
Malicious code in bioql PyPI...
About Elevation of Privilege – Windows Update Service (CVE-2025-48799) vulnerability
About Elevation of Privilege - Windows Update Service CVE-2025-48799 vulnerability. This vulnerability is from the July Microsoft Patch Tuesday. Improper link resolution before file access 'link following' in the Windows Update Service allows an authorized attacker to elevate privileges to "NT...
July Microsoft Patch Tuesday
July Microsoft Patch Tuesday. A total of 152 vulnerabilities - twice as many as in June. Of these, 15 vulnerabilities were added between the June and July MSPT. One vulnerability is exploited in the wild: Memory Corruption - Chromium CVE-2025-6554 One vulnerability has an exploit available on...
CVE-2025-48799
Improper link resolution before file access 'link following' in Windows Update Service allows an authorized attacker to elevate privileges locally...
The vulnerability of the Windows operating system update service allows a hacker to elevate their privileges to a system level.
The vulnerability of the Windows Operating System Update Service lies in the improper handling of symbolic links during file access. Exploiting this vulnerability can allow an attacker to elevate their privileges to a system-level level by performing operations such as deleting, moving, or renami...
CVE-2025-48799
Improper link resolution before file access 'link following' in Windows Update Service allows an authorized attacker to elevate privileges locally...
CVE-2025-48799
Improper link resolution before file access 'link following' in Windows Update Service allows an authorized attacker to elevate privileges locally...
CVE-2025-48799
CVE-2025-48799 is an Elevation of Privilege flaw in Windows Update Service (wuauserv) described as: improper link resolution before file access ('link following') can allow an authorized local attacker to elevate to NT AUTHORITY\SYSTEM when Windows 10/11 systems have at least two drives and Stora...
PT-2025-28533
Name of the Vulnerable Software and Affected Versions Windows versions prior to July 8, 2025 Description An improper link resolution vulnerability exists in the Windows Update Service before file access. This allows an authorized attacker to elevate privileges locally. The vulnerability affects...
Exploit for CVE-2024-31771
CVE-2024-31771 TotalAV Arbitrary File Write TotalAV version...
The vulnerability of the Update Service component of the Windows operating system, which allows a hacker to increase their privileges
The vulnerability of the Windows operating system’s Update Service component is related to insecure management of privileges. Exploiting this vulnerability can allow an attacker to enhance their privileges...