WSUS RCE
CVE-2025-59287 could allow remote code execution (RCE) in Windows Server Update Services (WSUS). It was assigned a CVSSv3 score of 9.8 and rated critical, and has been assessed as ‘Exploitation More Likely’ according to Microsoft’s Exploitability Index. An attacker could exploit this vulnerability to gain RCE by sending a crafted event that leads to deserialization of untrusted data.
This is just the third WSUS vulnerability patched as part of Microsoft Patch Tuesday since 2023, Tenable points out. But it’s the first RCE and the first to be assessed as more likely to be exploited.
“This vulnerability requires immediate CISO attention because it can compromise your entire patch management infrastructure,” said Mike Walters, president of Action1. “It is a critical deserialization flaw (CVSS 9.8) in WSUS that threatens the system responsible for distributing security patches across the organization.”
Beyond performing urgent patching, teams should review patch management architecture and the network exposure of WSUS servers, he added. A compromised WSUS environment could allow attackers to deploy malicious “updates” to all managed endpoints, posing an existential threat to organizational security.
Microsoft Office RCE
CVE-2025-59227 and CVE-2025-59234 are two critical remote code execution vulnerabilities in Microsoft Office.
An attacker could exploit these flaws through social engineering by sending a malicious Microsoft Office document file to an intended target, says Tenable. Successful exploitation would grant code execution privileges to the attacker.
These bugs take advantage of the “Preview Pane,” meaning that the target doesn’t even need to open the file for exploitation to occur. To exploit these flaws, an attacker would social engineer a target into previewing an email with a malicious Microsoft Office document attached.
Tenable also notes that although the two CVEs are flagged as ‘Less Likely’ to be exploited, Microsoft says that the Preview Pane is an attack vector for both, which means exploitation does not require the target to open the file.
Agere modem driver flaws
Despite these vulnerabilities being rated critical, Satnam Narang, senior staff research engineer at Tenable, believes the two most notable vulnerabilities this month are in Agere Modem, a third-party modem driver that has been included in Windows operating systems for almost 20 years.