Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.