Microsoft issued an urgent out-of-band security update to fix a critical remote code execution vulnerability (CVE-2025-59287) in Windows Server Update Services (WSUS). The flaw allows attackers to remotely execute arbitrary code with high privileges, posing a significant threat to affected organizations.
Key points
- The vulnerability CVE-2025-59287 affects multiple Windows Server editions, including 2012 R2 through 2025.
- Exploitation requires no authentication and can be triggered remotely via specially crafted requests.
- Microsoft released an out-of-band patch on October 23, 2025, after proof-of-concept exploits became publicly available.
- Organizations should immediately apply the update or use temporary workarounds to mitigate risks.
- Failure to patch could lead to malicious manipulation of updates, system control, or lateral movement within networks.
Read More: https://thecyberexpress.com/microsoft-fixes-cve-2025-59287/