Microsoft urgently released updates to fix a critical vulnerability in Windows Server Update Service (WSUS), which was exploited within hours of the patch release. The flaw, CVE-2025-59287, allows remote code execution and has been actively targeted in the wild, affecting thousands of WSUS instances worldwide. #CVE-2025-59287 #WSUS #WindowsServer
Keypoints
- Microsoft issued out-of-band updates to address a critical WSUS vulnerability.
- Exploitation of CVE-2025-59287 was observed shortly after the patch was released.
- The vulnerability affects multiple Windows Server versions, including 2012, 2016, 2019, 2022, and 2025.
- An unauthenticated attacker can execute remote code through crafted events in WSUS.
- Disabling the WSUS Server Role is recommended as a temporary mitigation until patches are applied.
Read More: https://www.securityweek.com/critical-windows-server-wsus-vulnerability-exploited-in-the-wild/