Cybercriminals are actively exploiting a critical Windows Server Update Service (WSUS) vulnerability, CVE-2025-59287, which allows remote code execution and could potentially spread like a worm. Microsoft has issued emergency patches, but active exploitation and scanning are already reported in the wild. #CVE2025-59287 #WSUSVulnerability
Keypoints
- The CVE-2025-59287 vulnerability affects Windows servers with the WSUS Server role enabled.
- Threat actors can exploit this flaw remotely with low complexity, without user interaction, gaining SYSTEM privileges.
- Microsoft released out-of-band security updates for all impacted Windows Server versions to mitigate the risk.
- Cybersecurity firms have observed active scanning and exploitation attempts, with some systems already compromised.
- Administrators are advised to install patches immediately or disable the WSUS Server role as a temporary workaround.