Microsoft has released urgent out-of-band updates to fix a critical remote code execution vulnerability in Windows Server Update Service (CVEs-2025-59287). The flaw is actively exploited in the wild, emphasizing the importance of prompt patching. #CVE2025-59287 #WSUS #BinaryFormatter
Keypoints
- The vulnerability CVE-2025-59287 allows remote code execution in WSUS due to unsafe deserialization of untrusted data.
- Active exploitation was observed shortly after the release of the proof-of-concept exploit.
- Microsoft issues out-of-band security updates for multiple Windows Server versions to address the flaw.
- Workarounds include disabling WSUS Server Role or blocking specific inbound ports until patching is complete.
- The U.S. CISA has added the vulnerability to its KEV catalog, requiring federal remediation by November 14, 2025.
Read More: https://thehackernews.com/2025/10/microsoft-issues-emergency-patch-for.html