An emergency out-of-band update for Windows Server 2025 aimed at fixing a critical CVE-2025-59287 vulnerability has unintentionally disrupted hotpatching for some systems. This issue has led to security concerns, with agencies and cybersecurity groups tracking vulnerable instances and Microsoft releasing a subsequent update to restore functionality. #CVE-2025-59287 #WindowsServer2025
Keypoints
- The KB5070881 update addresses a severe remote code execution vulnerability in Windows Server Update Service.
- Some Windows Server 2025 devices enrolled in hotpatching lost their hotpatch status after applying the update.
- Microsoft has stopped offering the buggy update to hotpatch-enrolled systems and recommends installing KB5070893 instead.
- Cybersecurity agencies warn of the widespread exposure of WSUS instances and active exploits in the wild.
- Microsoft is restoring hotpatch functionality with a new security update and has disabled error detail display related to the vulnerability.