Wild: “The vulnerability allows an unauthenticated attacker to achieve remote code execution with SYSTEM privileges by sending malicious encrypted cookies to the GetCookie() endpoint.”
Give a cookie to the bouncer and they’ll do what you want and let you in.
https://infosec.exchange/@DarkWebInformer/115430134056007798
Dark Web Informer (@DarkWebInformer@infosec.exchange)
🚨 CVE-2025-59287: Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
CVSS: 9.8
Microsoft releases out-of-band (OOB) urgent fix for actively exploited WSUS vulnerability: https://www.helpnetsecurity.com/2025/10/24/wsus-vulnerability-cve-2025-59287-exploited/