{"id":1801,"date":"2025-10-29T09:40:23","date_gmt":"2025-10-29T09:40:23","guid":{"rendered":"https:\/\/www.tsfactory.com\/forums\/?p=1801"},"modified":"2025-10-29T09:40:23","modified_gmt":"2025-10-29T09:40:23","slug":"google-probes-exploitation-of-critical-windows-service-cve","status":"publish","type":"post","link":"https:\/\/www.tsfactory.com\/forums\/blog\/google-probes-exploitation-of-critical-windows-service-cve\/","title":{"rendered":"Google probes exploitation of critical Windows service CVE"},"content":{"rendered":"<p>Google Threat Intelligence Group is investigating a series of attacks linked to a hacker targeting a critical vulnerability in Windows Server Update Service, Cybersecurity Dive has learned.<\/p>\n<p>Threat activity has ramped up since last week after a proof of concept was released for the untrusted data vulnerability in WSUS, the service widely used to manage the deployment of Microsoft product updates.<\/p>\n<p>\u201cWe are actively investigating the exploitation of\u00a0<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-59287\">CVE-2025-59287<\/a>\u00a0by a newly identified threat actor we are tracking as UNC6512 across multiple victim organizations,\u201d GTIG researchers told Cybersecurity Dive.<\/p>\n<p>After gaining initial access into targeted systems, the hacker has done reconnaissance on the compromised host and related environments, according to researchers. 
The hacker has also exfiltrated data from impacted hosts, according to GTIG.<\/p>\n<p>The threat activity confirms prior observations from security firms, including Huntress Labs, which reported exploitation activity across at least four customer environments late last week.<\/p>\n<p>Microsoft issued a patch to address the vulnerability earlier in the month, but the software update was ineffective.\u00a0<a href=\"https:\/\/hawktrace.com\/blog\/CVE-2025-59287-UNAUTH\">Researchers at HawkTrace<\/a>\u00a0released a proof-of-concept related to the vulnerability.<\/p>\n<p>Researchers at Eye Security last week\u00a0<a href=\"https:\/\/research.eye.security\/wsus-deserialization-exploit-in-the-wild-cve-2025-59287\/\">were alerted by suspicious activity<\/a>\u00a0picked up by endpoint detection and response telemetry and realized there was an active threat. They were able to replicate the proof of concept and warned various security partners and government agencies about the risk of exposing WSUS to the internet.<\/p>\n<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/google-threat-researchers-probe-exploitation-critical-cve-wsus\/803985\/\">Read the Full Story Here<\/a><\/p>\n<p>Source: Cybersecurity Dive<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Google Threat Intelligence Group is investigating a series of attacks linked to a hacker targeting a critical vulnerability in Windows Server Update Service, Cybersecurity Dive has learned. 
Threat activity has ramped up since last week after a proof of concept for the untrusted data vulnerability in WSUS, the service widely used to manage the deployment [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":1219,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-1801","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Google probes exploitation of critical Windows service CVE - Community<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.tsfactory.com\/forums\/blog\/google-probes-exploitation-of-critical-windows-service-cve\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Google probes exploitation of critical Windows service CVE - Community\" \/>\n<meta property=\"og:description\" content=\"Google Threat Intelligence Group is investigating a series of attacks linked to a hacker targeting a critical vulnerability in Windows Server Update Service, Cybersecurity Dive has learned. 
Threat activity has ramped up since last week after a proof of concept for the untrusted data vulnerability in WSUS, the service widely used to manage the deployment [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.tsfactory.com\/forums\/blog\/google-probes-exploitation-of-critical-windows-service-cve\/\" \/>\n<meta property=\"og:site_name\" content=\"Community\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/TSFactoryLLC\/\" \/>\n<meta property=\"article:published_time\" content=\"2025-10-29T09:40:23+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2024\/03\/microsoft.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"1919\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Chelsie Wyatt\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@TSFactoryLLC\" \/>\n<meta name=\"twitter:site\" content=\"@TSFactoryLLC\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Chelsie Wyatt\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/google-probes-exploitation-of-critical-windows-service-cve\/\",\"url\":\"https:\/\/www.tsfactory.com\/forums\/blog\/google-probes-exploitation-of-critical-windows-service-cve\/\",\"name\":\"Google probes exploitation of critical Windows service CVE - Community\",\"isPartOf\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/google-probes-exploitation-of-critical-windows-service-cve\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/google-probes-exploitation-of-critical-windows-service-cve\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2024\/03\/microsoft.jpg\",\"datePublished\":\"2025-10-29T09:40:23+00:00\",\"author\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/9d9908f0e12559297335ebe9b601c82f\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/google-probes-exploitation-of-critical-windows-service-cve\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.tsfactory.com\/forums\/blog\/google-probes-exploitation-of-critical-windows-service-cve\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/google-probes-exploitation-of-critical-windows-service-cve\/#primaryimage\",\"url\":\"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2024\/03\/microsoft.jpg\",\"contentUrl\":\"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2024\/03\/microsoft.jpg\",\"width\":1280,\"height\":1919},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/g
oogle-probes-exploitation-of-critical-windows-service-cve\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.tsfactory.com\/forums\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Google probes exploitation of critical Windows service CVE\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#website\",\"url\":\"https:\/\/www.tsfactory.com\/forums\/\",\"name\":\"Community\",\"description\":\"TSFactory\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.tsfactory.com\/forums\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/9d9908f0e12559297335ebe9b601c82f\",\"name\":\"Chelsie Wyatt\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/09ff3801fb7566acf715fe4e81a9bd942b923c236138a3ed8a8375f099e5d6d6?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/09ff3801fb7566acf715fe4e81a9bd942b923c236138a3ed8a8375f099e5d6d6?s=96&d=mm&r=g\",\"caption\":\"Chelsie Wyatt\"},\"url\":\"https:\/\/www.tsfactory.com\/forums\/blog\/author\/chelsie\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Google probes exploitation of critical Windows service CVE - Community","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.tsfactory.com\/forums\/blog\/google-probes-exploitation-of-critical-windows-service-cve\/","og_locale":"en_US","og_type":"article","og_title":"Google probes exploitation of critical Windows service CVE - Community","og_description":"Google Threat Intelligence Group is investigating a series of attacks linked to a hacker targeting a critical vulnerability in Windows Server Update Service, Cybersecurity Dive has learned. Threat activity has ramped up since last week after a proof of concept for the untrusted data vulnerability in WSUS, the service widely used to manage the deployment [&hellip;]","og_url":"https:\/\/www.tsfactory.com\/forums\/blog\/google-probes-exploitation-of-critical-windows-service-cve\/","og_site_name":"Community","article_publisher":"https:\/\/www.facebook.com\/TSFactoryLLC\/","article_published_time":"2025-10-29T09:40:23+00:00","og_image":[{"width":1280,"height":1919,"url":"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2024\/03\/microsoft.jpg","type":"image\/jpeg"}],"author":"Chelsie Wyatt","twitter_card":"summary_large_image","twitter_creator":"@TSFactoryLLC","twitter_site":"@TSFactoryLLC","twitter_misc":{"Written by":"Chelsie Wyatt","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.tsfactory.com\/forums\/blog\/google-probes-exploitation-of-critical-windows-service-cve\/","url":"https:\/\/www.tsfactory.com\/forums\/blog\/google-probes-exploitation-of-critical-windows-service-cve\/","name":"Google probes exploitation of critical Windows service CVE - Community","isPartOf":{"@id":"https:\/\/www.tsfactory.com\/forums\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.tsfactory.com\/forums\/blog\/google-probes-exploitation-of-critical-windows-service-cve\/#primaryimage"},"image":{"@id":"https:\/\/www.tsfactory.com\/forums\/blog\/google-probes-exploitation-of-critical-windows-service-cve\/#primaryimage"},"thumbnailUrl":"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2024\/03\/microsoft.jpg","datePublished":"2025-10-29T09:40:23+00:00","author":{"@id":"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/9d9908f0e12559297335ebe9b601c82f"},"breadcrumb":{"@id":"https:\/\/www.tsfactory.com\/forums\/blog\/google-probes-exploitation-of-critical-windows-service-cve\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.tsfactory.com\/forums\/blog\/google-probes-exploitation-of-critical-windows-service-cve\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.tsfactory.com\/forums\/blog\/google-probes-exploitation-of-critical-windows-service-cve\/#primaryimage","url":"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2024\/03\/microsoft.jpg","contentUrl":"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2024\/03\/microsoft.jpg","width":1280,"height":1919},{"@type":"BreadcrumbList","@id":"https:\/\/www.tsfactory.com\/forums\/blog\/google-probes-exploitation-of-critical-windows-service-cve\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.tsfactory.com\/forums\/"},{"@type":"ListItem","positio
n":2,"name":"Google probes exploitation of critical Windows service CVE"}]},{"@type":"WebSite","@id":"https:\/\/www.tsfactory.com\/forums\/#website","url":"https:\/\/www.tsfactory.com\/forums\/","name":"Community","description":"TSFactory","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.tsfactory.com\/forums\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/9d9908f0e12559297335ebe9b601c82f","name":"Chelsie Wyatt","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/09ff3801fb7566acf715fe4e81a9bd942b923c236138a3ed8a8375f099e5d6d6?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/09ff3801fb7566acf715fe4e81a9bd942b923c236138a3ed8a8375f099e5d6d6?s=96&d=mm&r=g","caption":"Chelsie 
Wyatt"},"url":"https:\/\/www.tsfactory.com\/forums\/blog\/author\/chelsie\/"}]}},"_links":{"self":[{"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/posts\/1801","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/comments?post=1801"}],"version-history":[{"count":1,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/posts\/1801\/revisions"}],"predecessor-version":[{"id":1802,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/posts\/1801\/revisions\/1802"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/media\/1219"}],"wp:attachment":[{"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/media?parent=1801"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/categories?post=1801"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/tags?post=1801"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}