Breaking the Update Chain: Inside CVE-2025-59287 and the WSUS RCE Threat
CVE-2025-59287 是 Windows Server Update Services (WSUS) 中的一个严重远程代码执行 (RCE) 漏洞。该漏洞源于对不可信数据的不安全反序列化,允许远程攻击者在无需身份验证的情况下执行任意代码。鉴于该漏洞已存在活跃利用,建议立即进行补丁更新。
By Mark Mallia
受影响的产品版本
| 产品版本 | 受影响版本范围 | |
|---|---|---|
| Windows Server 2012 | 6.2.9200.0 – < 6.2.9200.25728 | |
| Windows Server 2012 R2 | 6.3.9600.0 – < 6.3.9600.22826 | |
| Windows Server 2016 | 10.0.14393.0 – < 10.0.14393.8524 | |
| Windows Server 2019 | 10.0.17763.0 – < 10.0.17763.7922 | |
| Windows Server 2022 | 10.0.20348.0 – < 10.0.20348.4297 | |
| Windows Server 2025 | 10.0.26100.0 – < 10.0.26100.6905 | |
| Windows Server 23H2 | 10.0.25398.0 – < 10.0.25398.1916 | FINISHED |
| 6HFtX5dABrKlqXeO5PUv/2LikwdgSIh83wsqHhT/r4TgNo7LcQDUYntE1q8bL9IqCU7UDZlzb3fFYKnFkUFeUAnPSHU5gawWU+vLAL6LiB0OJxyeDlwSJRxD5pvSF56z |
