Microsoft has released an emergency out-of-band security update to address a critical vulnerability in Windows Server Update Services (WSUS). The flaw, tracked as CVE-2025-59287, is confirmed to be under active exploitation in the wild. This urgent action follows an initial fix released during the company’s regular Patch Tuesday update, indicating that the first patch was insufficient to neutralize the threat. The ongoing attacks highlight a significant risk for organizations that rely on WSUS for managing system updates, as attackers are actively weaponizing the security gap.
Vulnerability Profile: CVE-2025-59287
The security issue is a remote code execution (RCE) vulnerability with a critical CVSS score of 9.8 out of 10. The flaw exists within the WSUS platform, which many IT administrators use to manage and distribute Microsoft software updates across corporate networks. A successful RCE exploit allows an attacker to execute arbitrary code on the affected server, which can lead to a complete system compromise. The high CVSS score reflects the low complexity of the attack, the fact that it requires no user interaction, and the severe impact it can have on an organization’s security and stability.
Active Exploitation Confirmed
Cybersecurity firms Eye Security and Huntress have independently confirmed that threat actors are actively weaponizing the CVE-2025-59287 vulnerability. According to their reports, attackers are leveraging the flaw to deploy malicious payloads onto targeted systems. The exploitation was observed after the initial Patch Tuesday update was released, prompting Microsoft to issue the subsequent out-of-band patch to provide a more comprehensive fix. The speed at which attackers began exploiting the flaw underscores the sophisticated and persistent nature of modern cyber threats and the critical need for administrators to apply the latest security updates immediately.
Source: https://thehackernews.com/2025/10/weekly-recap-wsus-exploited-lockbit-50.html