A critical flaw in Microsoft's Windows Server Update Services (WSUS) has been exploited in the wild, with reports indicating that the vulnerability allows attackers to bypass security measures and execute arbitrary code. Despite the availability of patches, many systems remain unprotected due to insufficient updates, highlighting the urgency for organizations to address this issue promptly.

A Windows vulnerability (CVE-2025-24054) rated as low exploitability by Microsoft was quickly weaponized by attackers within eight days, targeting government and enterprise entities in Poland and Romania. The flaw allows attackers to leak NTLM hashes through phishing tactics, enabling them to impersonate victims with minimal user interaction. Researchers emphasize the urgent need for organizations to apply patches promptly to mitigate risks associated with NTLM vulnerabilities.

Microsoft issued an emergency security update for a critical vulnerability in SharePoint Server, known as CVE-2025-53770, which is actively being exploited by hackers to breach various organizations, including U.S. federal agencies. The flaw allows attackers to access and control compromised servers using a backdoor tool named "ToolShell," prompting urgent recommendations for organizations to take immediate protective measures beyond just patching.

A newly discovered vulnerability in the Cursors component of Microsoft Windows allows hackers to execute arbitrary code on affected systems. This flaw, identified as CVE-2023-38831, can be exploited through specially crafted files, prompting urgent updates from Microsoft to mitigate potential attacks. Users are advised to patch their systems to safeguard against this security threat.