Emergency Update Released for Critical WSUS Vulnerability

Microsoft has released an out-of-band security update to address a critical vulnerability in Windows Server Update Service (WSUS). The flaw, identified as CVE-2025-59287, is confirmed to be under active exploitation in the wild. The urgency of this patch is underscored by the public availability of a proof-of-concept (PoC) exploit, which demonstrates how to leverage the vulnerability.

The tech giant had initially addressed this issue as part of its regular Patch Tuesday update. However, the emergence of active attacks prompted the release of this subsequent emergency patch to protect users. The vulnerability specifically impacts Windows servers that have the WSUS server role enabled; servers without this role are not affected.

Vulnerability Details and Researcher Credit

CVE-2025-59287 holds a critical severity rating with a CVSS score of 9.8 out of 10. The flaw is a remote code execution (RCE) vulnerability that stems from the deserialization of untrusted data within the WSUS application. This allows an unauthenticated attacker to execute arbitrary code over a network by sending a specially crafted request to a vulnerable WSUS server.

Microsoft has acknowledged three security researchers for their work in discovering and reporting the bug. The credited individuals are MEOW, f7d8c52bec79e42795cf15888b85cbad, and Markus Wulftange with CODE WHITE GmbH. Due to the confirmed active exploitation and the critical nature of this vulnerability, administrators are urged to apply the out-of-band security updates immediately to all affected servers.

Source: https://thehackernews.com/2025/10/microsoft-issues-emergency-patch-for.html