A critical bug in Microsoft's Windows Server Update Services (WSUS) has left many servers vulnerable to attack. The vulnerability, CVE-2025-59287, carries a severity rating of 9.8 out of 10 and stems from insecure deserialization of untrusted data, which lets unauthenticated attackers execute arbitrary code on vulnerable systems.
The bug affects Windows Server versions 2012 through 2025 and is exploitable wherever the WSUS role is enabled. Microsoft initially issued a patch on October 14 but later released an emergency update that may not fully fix the issue.
Security researchers have warned of exploitation attempts, with one researcher demonstrating how to tamper with updates offered to clients and push out malicious ones. The US Cybersecurity and Infrastructure Security Agency has added the vulnerability to its catalog, while private security firms have reported seeing threat actors targeting public WSUS instances.
Microsoft has declined to comment on the issue, but the company claims that customers who have installed the latest updates are already protected. However, many experts believe that exposure of the WSUS service over the internet is a significant risk and that organizations should take steps to secure their networks immediately.
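The practical question for an administrator reading this is whether a given server is in scope: is the WSUS role installed, is the service reachable from outside the internal network, and is the emergency update present. The following PowerShell audit script is an added example, not code from the article or from Microsoft. It assumes it is run elevated on the server itself; the WSUS default ports 8530 (HTTP) and 8531 (HTTPS) are standard WSUS defaults that the article does not mention, and the KB identifier is a placeholder to be replaced with the one named in Microsoft's advisory.

```powershell
# Added example (not from the article): audit a Windows Server for exposure to the
# WSUS deserialization bug. Assumes an elevated session on the server being checked.
# Ports 8530/8531 are the standard WSUS defaults (assumption, not stated in the article).

$role = Get-WindowsFeature -Name UpdateServices
if (-not $role.Installed) {
    Write-Output "WSUS role not installed: this host is not exposed via WSUS."
    return
}
Write-Output "WSUS role is installed; checking listeners and patch state."

# Listeners bound to all interfaces (0.0.0.0 or ::) are reachable from any network that can
# route to this host, which is the internet-exposure condition the article warns about.
$listeners = Get-NetTCPConnection -State Listen -LocalPort 8530, 8531 -ErrorAction SilentlyContinue
if (-not $listeners) {
    Write-Output "No listener on 8530/8531: WSUS may be stopped or using non-default ports."
}
foreach ($l in $listeners) {
    $scope = if ($l.LocalAddress -in '0.0.0.0', '::') { 'ALL INTERFACES' } else { 'specific address' }
    Write-Output ("WSUS listening on {0}:{1} ({2})" -f $l.LocalAddress, $l.LocalPort, $scope)
}

# Check for the out-of-band update. Replace the placeholder with the KB id from
# Microsoft's advisory for CVE-2025-59287; this value is NOT a real identifier.
$kb = 'KBXXXXXXX'
if (Get-HotFix -Id $kb -ErrorAction SilentlyContinue) {
    Write-Output "$kb is installed."
} else {
    Write-Output "$kb NOT found: install the emergency update and restrict WSUS access to internal networks."
}
```

A listener on all interfaces is only dangerous if a firewall or NAT boundary does not stand between it and the internet, so the output should be read alongside the perimeter firewall rules; the script reports the host-side facts it can observe and leaves that judgment to the operator.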
Source: https://www.theregister.com/2025/10/24/exploitation_of_critical_windows_server