该漏洞利用了 GetCookie 端点中的遗留序列化机制，其中加密的 AuthorizationCookie 对象使用 AES-128-CBC 解密，并通过 BinaryFormatter 反序列化，无需类型验证，从而为整个系统接管打开了大门。

美国网络安全与基础设施安全局（CISA）向全球组织发出警告，微软Windows Server Update Services（WSUS）中存在一个正被积极利用的关键远程代码执行（RCE）漏洞。

An out-of-band (OOB) security update that patches an actively exploited Windows Server Update Service (WSUS) vulnerability ...

Security researchers at Huntress have discovered active exploitation of a remote code execution (RCE) vulnerability in Windows Server Update Services (WSUS) that Microsoft issued an out-of-band patch ...

IT之家 10 月 6 日消息，微软确认，Windows 11 25H2 更新将于当地时间 2025 年 10 月 14 日通过 Windows Server Update Services（WSUS）面向企业客户广泛推送。这意味着更多消费者用户也可能在该日期前后开始收到更新推送。 Windows 11 2025 更新（版本 25H2）已于 9 月 30 日正式发布。

Warnings over hackers exploiting a Windows Server Update have compounded since Microsoft rushed out a patch Friday against a ...

Pakistan’s national cyber-incident response body, Pakistan Computer Emergency Response Team, has issued a critical security ...

Windows Server 2025 is currently open to a Remote Code Execution exploit via the Windows Update Service, and at the time of this writing a fix from Microsoft has yet to fully patch the issue. Reports ...

What just happened? If you're an IT admin relying on Windows Server Update Services to manage updates across your network, it's time to consider alternatives. Microsoft has officially announced that, ...

If ever there was a bit of technology which locked IT pros in a love/hate relationship, it is Windows Server Update Service. Used properly, WSUS lets administrators automatically deploy the latest ...