Critical Windows Server WSUS Vulnerability Exploited in the Wild 

Critical Windows Server WSUS Vulnerability Exploited in the Wild 

Posted on By CWS

Microsoft on Thursday launched out-of-band updates to patch a crucial vulnerability impacting the Home windows Server Replace Service (WSUS), and exploitation of the flaw was seen simply hours later. 

WSUS is a part of the Home windows Server working system that permits IT directors to centrally handle and distribute Microsoft product updates and patches inside a company community. 

In an advisory launched on Patch Tuesday, Microsoft knowledgeable prospects about CVE-2025-59287, a WSUS distant code execution vulnerability impacting Home windows Server 2012, 2016, 2019, 2022 and 2025.

The tech large up to date its advisory on October 23 to warn customers concerning the public availability of a PoC exploit and to tell them concerning the launch of an extra replace that ought to totally handle CVE-2025-59287.

“A distant, unauthenticated attacker may ship a crafted occasion that triggers unsafe object deserialization in a legacy serialization mechanism, leading to distant code execution,” Microsoft stated. 

Technical particulars and a PoC exploit focusing on CVE-2025-59287 had been revealed on October 18 by safety agency HawkTrace, which warned that an unauthenticated hacker can exploit the flaw to execute arbitrary code with System privileges. 

Eye Safety warned on Friday that it has seen in-the-wild exploitation of CVE-2025-59287, and famous that roughly 2,500 WSUS situations from around the globe are nonetheless uncovered to assaults.

The Dutch authorities’s Nationwide Cyber Safety Centre additionally reported on Friday that it has change into conscious of energetic exploitation.Commercial. Scroll to proceed studying.

CVE-2025-59287 is expounded to the WSUS Server Position, which isn’t enabled by default on Home windows Server. Disabling the WSUS Server Position serves as a brief mitigation till the patch will be deployed.

Microsoft’s advisory carries an ‘exploitation extra seemingly’ evaluation, nevertheless it doesn’t verify energetic exploitation of the vulnerability.  

Associated: Pwn2Own WhatsApp Hacker Says Exploit Privately Disclosed to Meta

Associated: ‘Highest Ever’ Severity Rating Assigned by Microsoft to ASP.NET Core Vulnerability

Associated: Microsoft Disables Downloaded File Previews to Block NTLM Hash Leaks

Security Week News Tags:, , , , , ,

Related Posts

AI Systems Vulnerable to Prompt Injection via Image Scaling Attack AI Systems Vulnerable to Prompt Injection via Image Scaling Attack Security Week News
Geordie Secures M to Enhance AI Governance Geordie Secures $30M to Enhance AI Governance Security Week News
Critical VMware Aria Operations Flaw Actively Targeted Critical VMware Aria Operations Flaw Actively Targeted Security Week News
DeepLoad Malware Spreads via ClickFix Attacks DeepLoad Malware Spreads via ClickFix Attacks Security Week News
Infostealers: The Silent Smash-and-Grab Driving Modern Cybercrime Infostealers: The Silent Smash-and-Grab Driving Modern Cybercrime Security Week News
Jaguar Land Rover Says Shutdown Will Continue Until at Least Oct 1 After Cyberattack Jaguar Land Rover Says Shutdown Will Continue Until at Least Oct 1 After Cyberattack Security Week News