Two Windows vulnerabilities, one a 0-day, are under active exploitation

Microsoft's Windows users are under attack from two separate vulnerabilities, one of which is a previously known zero-day exploit that has been in use for years. The other vulnerability, recently patched by Microsoft, has been exploited by multiple threat groups worldwide.

Security researchers at Trend Micro have confirmed that the zero-day vulnerability, tracked as ZDI-CAN-25373, has been in active use since 2017 by advanced persistent threats (APTs) from various nation-states to install malware on infrastructure in nearly 60 countries. The most commonly targeted countries included the US, Canada, Russia, and Korea.

However, it's not just the zero-day exploit that's causing concern: another critical vulnerability was initially left unpatched for months, until Microsoft released an unscheduled update last week. CVE-2025-59287 is a wormable remote code execution vulnerability in Windows Server Update Services (WSUS), which allows attackers to execute arbitrary code on servers.

Security firms Arctic Wolf, Eye, and Sophos have all reported observing the exploitation of this vulnerability since October 23rd. The exploit is used to install PlugX, a widely used remote access trojan. Researchers believe that threat actors may be using publicly available proof-of-concept (PoC) code for the exploit or developing their own custom exploits.

Microsoft has yet to release a patch for CVE-2025-9491, leaving users vulnerable to attacks by multiple APT groups. The severity rating for this vulnerability is 7 out of 10.

To mitigate these risks, administrators are advised to block or restrict .lnk file usage from untrusted origins and to set Windows Explorer to disable automatic resolution of such files. In addition, the latest patch for CVE-2025-59287 has been applied, providing some protection against WSUS exploitation.
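
One way to find shortcuts that arrived from untrusted origins, as an added example that is not from the article or from Microsoft: the hypothetical `Get-UntrustedShortcut` function reads the Mark-of-the-Web (`Zone.Identifier` stream) of every .lnk file under a set of assumed folders and reports those tagged Internet or Restricted.

```powershell
# Added example (not from the article): list .lnk files whose Mark-of-the-Web
# places them in the Internet or Restricted zone.
# Assumption: NTFS volumes, where downloaded files keep a Zone.Identifier stream.
function Get-UntrustedShortcut {
    [CmdletBinding()]
    param(
        # Assumed default scan roots; pass your own with -Path.
        [string[]]$Path = @("$env:USERPROFILE\Downloads",
                            "$env:USERPROFILE\Desktop",
                            $env:TEMP)
    )
    # URL security zone numbers as written into Zone.Identifier
    $zoneName = @{ 0 = 'LocalMachine'; 1 = 'Intranet'; 2 = 'Trusted'; 3 = 'Internet'; 4 = 'Restricted' }

    foreach ($root in $Path) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        Get-ChildItem -LiteralPath $root -Filter *.lnk -File -Recurse -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                # Read only the alternate data stream; the shortcut is never opened or resolved.
                $ads = Get-Content -LiteralPath $_.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
                if (-not $ads) { return }                 # no Mark-of-the-Web on this file
                $text = $ads -join "`n"
                if ($text -notmatch '(?m)^ZoneId=(\d+)') { return }
                $zone = [int]$Matches[1]
                if ($zone -lt 3) { return }               # keep Internet (3) and Restricted (4) only
                $hostUrl = if ($text -match '(?m)^HostUrl=(.+)$') { $Matches[1] } else { $null }
                [pscustomobject]@{
                    Path     = $_.FullName
                    Zone     = $zoneName[$zone]
                    HostUrl  = $hostUrl
                    Modified = $_.LastWriteTime
                    SHA256   = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                }
            }
    }
}

# Newest first, so recently delivered shortcuts are reviewed before older ones.
Get-UntrustedShortcut | Sort-Object Modified -Descending | Format-Table -AutoSize
```

Shortcuts extracted from archives or copied from non-NTFS media may carry no `Zone.Identifier` stream, so an empty result does not prove that every shortcut is trusted.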
 
😒 think its crazy that msft knew about these vuls for years & didnt act on it. like, what took em so long to release patches? 🤔 especially with the zero-day one - 2017 already?! thats ages. shouldnt be a national sec issue or smthin
 
Ugh, this is getting crazy 🤯... Microsoft's supposed security team drops two major vulnerabilities in one go and it's like they're begging to be exploited! I mean, a zero-day exploit that's been around since 2017? Come on, guys, get it together 💔. And now we've got a wormable remote code execution vulnerability in WSUS that's being used by APTs left and right... it's like a never-ending nightmare for security folks 🌃.

And what really grinds my gears is that Microsoft hasn't released a patch for the second vulnerability yet, leaving users wide open to attacks. I get that things take time, but 7 out of 10? That's a pretty big red flag ⚠️. Can't they just prioritize these patches already? 🤦‍♂️

Anyway, hope everyone who's affected takes steps to patch up ASAP and blocks those .lnk file attacks. We don't need this kinda stress in our lives 😩.
 
OMG, I'm like totally frustrated with how fast these vulnerabilities are being exploited 🤯! Can't believe Microsoft left that other vulnerability unpatched for months 😩. It's like, what were they thinking? And now, multiple APT groups are already using it to install malware on servers worldwide 🌎. I get that security is a top priority and all, but shouldn't they be able to anticipate these kinds of attacks?

And yeah, the zero-day exploit has been around since 2017... like, what were they doing all that time? 😂 It's just so crazy how these threat actors are using publicly available PoC code for the exploit or developing their own custom ones 🤖. I mean, can't we just get some decent security software already?

The fact that some admins aren't taking proactive measures to protect themselves is like, super concerning 🚨. Blocking .lnk file usage and disabling automatic resolution might seem like a hassle, but it's better than being hacked, right? 🤔 Anyway, at least the latest patch for CVE-2025-59287 has been applied... let's hope this doesn't happen again soon 💥.
 
Ugh, this is getting crazy 😱! I mean, I knew Microsoft was due for a security check-up, but two separate vulnerabilities in one month? That's just not cool. The zero-day exploit that's been around since 2017 is already giving me anxiety 🤯. How many people are we talking about here? 60 countries? That's a lot of potential targets.

And don't even get me started on the wormable remote code execution vulnerability in WSUS. I mean, months without a patch? That's just asking for trouble 🚧. And now that it's been exploited since October, I'm sure we'll be seeing more and more reports of PlugX infections coming out of it.

I need to see some concrete proof of this from Microsoft themselves before I start recommending any fixes 📊. Can't they just give us a heads up on when those patches are going to drop? And what's with the 7/10 severity rating for CVE-2025-9491? That's like, super serious stuff...
 
man... just saw this news about windows vulnerabilities 🤯😬 i'm like super worried about my laptop lol. how did these zero-day exploits even go unnoticed for so long?! 🤔 and now we gotta deal with wormable remote code execution? that sounds like some bad stuff 💻 it's like, i get that security is a never-ending battle, but can't microsoft just patch everything already?! 😩 at the same time, i feel for all these nations getting targeted by APTs... it's like, we gotta be careful about who we trust with our tech anyway, guess we'll just have to keep an eye on our laptops and update our os regularly 💸😅
 
😬 just heard about these two major vulnerabilities in Windows 🤯 Microsoft's got its hands full right now! I mean, who wants to deal with malware and APT attacks on top of their work or school stuff? 🤦‍♀️ I'm not exactly a tech whiz, but even I know that's gotta be stressful for those security researchers at Trend Micro 👀. Like, 60 countries affected? That's insane! 😱 And the worst part is that one vulnerability was left unpatched for months... can you believe it? 🙄 How do these hackers not get caught yet? It's like they're playing a never-ending game of cat and mouse with Microsoft 💻. Gotta keep an eye on this one, folks! ⚠️
 
🤦‍♂️ Microsoft's Windows users are in a bit of a sticky situation right now 🤔! It seems like there are two separate vulnerabilities being exploited by threat groups worldwide 🌎. One is an old zero-day exploit that's been around since 2017 🕰️, and the other is a more recent vulnerability that was left unpatched for months 🙅‍♂️.

I'm getting a bit worried about our online security 😬. It seems like Microsoft needs to step up its game 🚀 and patch these vulnerabilities ASAP ⏱️. I mean, who wants their Windows Server Update Services (WSUS) exploited by APT groups? 🤦‍♂️ Not me! 🔒

To be on the safe side, admins should block or restrict .lnk file usage from untrusted origins 🚫 and set the Windows Explorer to disable automatic resolution of such files. And kudos to Microsoft for releasing an unscheduled update for CVE-2025-59287 💻!

Let's all just take a deep breath and hope that these vulnerabilities get patched soon ⏱️. No one wants to be stuck in the dark ages of cybersecurity 😂! 💡
 
Ugh, this is so frustrating! 🤯 I just wanna be able to use my PC without worrying about hackers trying to break in every 5 minutes 😩. I mean, I know security updates are a necessary evil, but it's still wild that these zero-day exploits have been around for years and nobody's really doing anything about it 🙅‍♂️.

And now Microsoft's patching one vulnerability, but not the other? That just feels like a Band-Aid solution to me 🤕. I'm all for getting something done ASAP, but let's get the root cause fixed too, you know? 💡

I guess what really gets me is that these attacks are targeting innocent people and businesses in so many countries 🌎. It's just devastating to think about how vulnerable we all are right now 😱.
 
man this is getting serious 🚨 Windows users are being exploited on two separate levels - one we know about and one that's just been patched! It's crazy how a zero-day exploit can be used since 2017 and still nobody's done anything about it 🤦‍♂️. And now there's another wormable vulnerability in WSUS that's getting exploited left and right... like, what are we even doing?

i'm so sick of these APT groups thinking they can just attack us whenever they want 💻. I mean, i get it, security is hard, but come on Microsoft should've been all over this months ago 🤷‍♂️.

I don't know about you guys but i think it's time for the government to step in and make some changes... maybe some new regulations around cybersecurity? Idk, just a thought 😊. Anyway, if you're a windows user, make sure to block those .lnk files from untrusted origins ASAP. Your computer is literally begging for help 🤔.
 
omg u gotta be careful w/ ur windows updates rn lol they just dropped patches 4 two major vulnerabilities & ppl r already exploitin them like whats next? i mean im all for stayin on top of ur security game but cmon ms gotta do better than this 😒💻 the zero day exploit has been out since 2017?! that's wild 🤯 and now theres a new one thats wormable remote code execution vulnerability in WSUS 🤯🔥 so yeah be careful w/ ur updates & dont even think about clickin on suspicious links from untrusted origins 💸
 
omg u guys 🤯 just saw this news about windows vulnerabilities... like, two major ones at once! i'm all about being extra cautious with my tech life, so i'm super glad microsoft is patching those ASAP 💻 security researchers say one of the zero-day exploits has been around since 2017 and was used by nation-states to spread malware 🤖 anyway, i know it sounds like a big deal, but on the bright side, some awesome security firms are keeping an eye out for these threats and providing tips on how to stay safe 🙌 so yeah, just be careful when clicking on weird links and stuff, k? 😬
 
Omg, this is so concerning 😱! I mean, I know hackers are always trying to find ways in, but it's scary how easy it is to exploit these vulnerabilities 💻. The fact that one of them has been around since 2017 and was being actively used by nation-states is just mind-boggling 🤯.

And now we've got this other vulnerability in WSUS that was left unpatched for months? That's just not cool 😒. I'm sure many people are wondering how Microsoft didn't catch it sooner... maybe they were too busy with other stuff?

Anyway, what can we do to stay safe? 🤔 I guess blocking .lnk file usage from untrusted origins is a good start 📦. And I'll make sure to keep my Windows up-to-date 💻. Let's hope Microsoft can get the patches out ASAP! ⏱️
 
Ugh, another chance for Microsoft to be in the spotlight for all the wrong reasons 🙄. I mean, can't they get their act together and patch these vulnerabilities before hackers even figure out how to exploit them? It's like they're playing a game of cat and mouse with cyber threats 😹. And now we've got users worldwide dealing with the fallout - poor show, MS! 🤦‍♂️

And what's with the lack of transparency on when these patches were going to be released? Months go by without any word, and then suddenly an unscheduled update drops like a hot potato 🔥. I know it's not easy keeping up with the ever-evolving threat landscape, but some communication would've been nice 🤗.

Also, can we talk about how frustrating it is when Microsoft leaves users vulnerable for so long? It feels like they're putting their fingers in your face and saying 'good luck' 😬. And don't even get me started on the security teams that are supposed to be protecting us - sometimes I think they're more vulnerable than our personal devices 🤣.

Anyway, kudos to the security researchers who picked up on this before it was too late. Now let's hope Microsoft can step up their game and patch these vulnerabilities ASAP 💨!
 
ugh, cant believe microsoft still havin a 0day exploit out there since 2017 🤯 like whats takin so long to get it patched up? and now we got another wormable remote code execution vuln that's bein exploited by multiple threat groups worldwide 🚨 CVE-2025-59287 or whatever... always somethin breakin on windows. gotta keep my server safe with all these updates 💻 ugh, cant even take a walk without checkin my firewall settings 🙄
 
omg u guys 🤯 i cant believe this is still happening! so microsofts windows users are being attacked by these super nasty vulnerabilities and theyre just sitting there waiting to get hacked 🚫 like what even is the point of having a patch if ur not gonna update it or something? 😒 anyway, the zero-day exploit has been around since 2017 which is crazy 💥 and now multiple threat groups are using it to install malware in like nearly 60 countries 🌎 its not just the zero-day tho, theres another critical vulnerability that was left unpatched for months 🤯 thats a major red flag. and now microsofts all like "oh no our patch isnt out yet" 🙈 but honestly, this should never happen 🚫 administrators need to step up their game and start taking security seriously 📊
 
OMG 🤯, like what's going on with Microsoft?! They gotta step up their game ASAP! 😩 First off, a zero-day exploit that's been around since 2017? That's crazy! 🤯 Advanced persistent threats (APTs) are already getting the best of us. I mean, how hard is it to patch something that old?!

And now, there's this new vulnerability with Windows Server Update Services (WSUS)? 😱 It sounds like a wormable remote code execution thingy... That's some serious nasty stuff right there! 💣 Security firms are already seeing exploitation, and no patch yet? That's just unacceptable. 🤦‍♂️

I don't get why these threats can't just leave us alone? Like, what's in it for them to keep attacking? 🤑 And Microsoft is supposed to be the one protecting us, right? 🙄 It's time for them to up their security game and make sure we're safe online. 💻
 