
WSUS RCE
CVE-2025-59287 is a vulnerability which can allow remote code execution (RCE) in Windows Server Update Services (WSUS). It was given a CVSSv3 score of 9.8 and a critical rating, and is assessed as ‘high potential for exploitation’ according to Microsoft’s exploit index. An attacker could exploit this vulnerability to achieve RCE by sending a crafted event that leads to deserialization of untrusted data.
Tenable points out that this is the third WSUS vulnerability patched as part of Microsoft Patch Tuesday since 2023, but it is the first RCE and has been assessed as having a high probability of being exploited.
“This vulnerability requires immediate CISO attention as it could compromise your entire patch management infrastructure,” said Mike Walters, President of Action1. “This is a critical deserialization flaw (CVSS 9.8) in WSUS that compromises the systems responsible for distributing security patches across an organization.”
In addition to performing immediate patching, teams should review the patch management architecture and network exposure of WSUS servers, he said. A compromised WSUS environment could allow attackers to deploy malicious “updates” to all managed endpoints, posing a potential threat to organizational security.
Microsoft Office RCE
CVE-2025-59227 and CVE-2025-59234 are two critical remote code execution vulnerabilities in Microsoft Office.
Tenable says an attacker could exploit these flaws through social engineering by sending a malicious Microsoft Office document file to an intended target. Successful exploitation would grant code execution privileges to the attacker.
These bugs take advantage of the “preview pane”, meaning the target does not even need to open the file for exploitation to occur. To exploit these flaws, an attacker would social engineer a target into previewing an email with a malicious Microsoft Office document.
Tenable also notes that despite exploitation being marked as ‘low probability’, Microsoft says the preview pane is an attack vector for both CVEs, meaning exploitation does not require the target to open the file.
Agere Modem Driver Flaws
Despite these weaknesses being rated as serious, Satnam Narang, Tenable’s senior staff research engineer, believes that the two most notable vulnerabilities this month are in Agere Modem, a third-party modem driver that has been included in the Windows operating system for nearly 20 years.

