Microsoft on Thursday released out-of-band updates to patch a critical vulnerability impacting Windows Server Update Services (WSUS), and exploitation of the flaw was seen just hours later.
WSUS is a component of the Windows Server operating system that allows IT administrators to centrally manage and distribute Microsoft product updates and patches within a corporate network.
In an advisory released on Patch Tuesday, Microsoft informed customers about CVE-2025-59287, a WSUS remote code execution vulnerability impacting Windows Server 2012, 2016, 2019, 2022 and 2025.
The tech giant updated its advisory on October 23 to warn users about the public availability of a PoC exploit and to inform them about the release of an additional update that should fully address CVE-2025-59287.
“A remote, unauthenticated attacker could send a crafted event that triggers unsafe object deserialization in a legacy serialization mechanism, resulting in remote code execution,” Microsoft said.
Technical details and a PoC exploit targeting CVE-2025-59287 were published on October 18 by security firm HawkTrace, which warned that an unauthenticated hacker can exploit the flaw to execute arbitrary code with System privileges.
Eye Security warned on Friday that it has seen in-the-wild exploitation of CVE-2025-59287, and noted that roughly 2,500 WSUS instances from around the world are still exposed to attacks.
The Dutch government’s National Cyber Security Centre also reported on Friday that it has become aware of active exploitation.
CVE-2025-59287 is related to the WSUS Server Role, which is not enabled by default on Windows Server. Disabling the WSUS Server Role serves as a temporary mitigation until the patch can be deployed.
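A read-only PowerShell check an administrator could run on each Windows Server host to see whether the WSUS Server Role is installed and reachable, and whether the fixing update is present. This is an added example, not code from Microsoft or the researchers; it assumes the ServerManager module, the WSUS default ports 8530/8531, and a placeholder KB identifier that must be replaced with the one listed in Microsoft's advisory for the host's Windows Server version.

```powershell
# Added example: read-only exposure triage for the WSUS Server Role.
# Assumptions: runs on Windows Server (ServerManager module present); WSUS uses
# its default ports 8530/8531 (a deployment may have been moved to others).
# The KB id below is a placeholder, not a real KB number: take the correct one
# for this OS version from Microsoft's advisory for CVE-2025-59287.
$RequiredKb = 'KB0000000'

function Get-WsusExposure {
    param([Parameter(Mandatory)][string]$RequiredKb)

    # The WSUS Server Role is the 'UpdateServices' feature; it is off by default.
    $role = Get-WindowsFeature -Name UpdateServices

    # The role can be installed while the service itself is stopped.
    $svc = Get-Service -Name WsusService -ErrorAction SilentlyContinue

    # Listeners bound to anything other than loopback are reachable over the network.
    $listeners = @(Get-NetTCPConnection -State Listen -LocalPort 8530,8531 `
                       -ErrorAction SilentlyContinue |
                   Where-Object { $_.LocalAddress -notin '127.0.0.1', '::1' })
    $ports = @(foreach ($l in $listeners) { $l.LocalPort }) | Sort-Object -Unique

    # Get-HotFix does not list every update type; confirm a "not found" result
    # in the Windows Update history before treating the host as unpatched.
    $patched = [bool](Get-HotFix -Id $RequiredKb -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        RoleInstalled   = [bool]$role.Installed
        ServiceRunning  = [bool]($svc -and $svc.Status -eq 'Running')
        ListeningPorts  = @($ports)
        UpdateInstalled = $patched
        # Only hosts with the role installed are affected.
        NeedsAction     = ([bool]$role.Installed -and -not $patched)
    }
}

Get-WsusExposure -RequiredKb $RequiredKb | Format-List
```

Hosts reporting `NeedsAction : True` are the ones to patch first, or to have the role disabled on until the update is deployed.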
Microsoft’s advisory carries an ‘exploitation more likely’ assessment, but it does not confirm active exploitation of the vulnerability.

