Microsoft has rolled out an out-of-band emergency patch for a remote code execution (RCE) vulnerability affecting the Windows Server Update Services (WSUS).
Identified as CVE-2025-59287, the issue stems from the deserialization of untrusted data in a legacy serialization mechanism, allowing unauthorized attackers to execute arbitrary code over the network.
The patch, released on October 23, 2025, addresses the critical threat just days after the vulnerability’s initial disclosure on October 14.
The flaw, rated critical with a CVSS 3.1 base score of 9.8, requires no user privileges or interaction, making it highly exploitable via the network with low complexity.
Attackers could send crafted events to trigger unsafe deserialization, potentially leading to full system compromise and severe impacts on confidentiality, integrity, and availability.
While WSUS is not enabled by default on Windows servers, thus sparing unmodified systems, organizations running the server role for update management face immediate risk if unpatched.
Microsoft’s security team updated the CVE’s temporal score to 8.8 after confirming the availability of proof-of-concept (PoC) exploit code, elevating the exploitability assessment to “more likely.”
No active exploitation in the wild has been reported yet, but the public disclosure of PoC code underscores the urgency for administrators to act.
The vulnerability was responsibly reported by researchers from MEOW and CODE WHITE GmbH, including Markus Wulftange, who identified the deserialization weakness tied to CWE-502.
The October 23 update is available through Windows Update, Microsoft Update, and the Microsoft Update Catalog for standalone downloads.
It will also sync automatically with WSUS environments. However, installation requires a server reboot, which could disrupt operations in production settings.
For those unable to patch immediately, Microsoft recommends temporary workarounds: disable the WSUS server role entirely, halting client updates in the process, or block inbound traffic to ports 8530 and 8531 at the host firewall level to neutralize the service.
This release highlights ongoing challenges in legacy components like WSUS, which many enterprises still rely on for centralized patch management.
Security experts urge organizations to review their WSUS configurations and prioritize the update to prevent potential breaches.
An updated Windows Update offline scan file (Wsusscn2.cab) is now available to aid detection. As cybersecurity threats evolve, this incident serves as a reminder of the importance of timely patching in enterprise environments. Microsoft continues to monitor for any emerging exploits.
| Affected Version | Patch KB Number | Notes |
|---|---|---|
| Windows Server 2012 | KB5070887 | Standard and Server Core |
| Windows Server 2012 R2 | KB5070886 | Standard and Server Core |
| Windows Server 2016 | KB5070882 | Standard and Server Core |
| Windows Server 2019 | KB5070883 | Standard and Server Core |
| Windows Server 2022 | KB5070884 | Standard and Server Core |
| Windows Server 2022, 23H2 Edition | KB5070879 | Server Core installation |
| Windows Server 2025 | KB5070881 | Standard and Server Core |
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
An international ecosystem of sophisticated scam operations has emerged, targeting vulnerable populations through impersonation tactics…
TransparentTribe, a Pakistani-nexus intrusion set active since at least 2013, has intensified its cyber espionage…
As the festive season approaches, organizations are witnessing a disturbing increase in targeted attacks on…
The cybersecurity landscape experienced a significant shift in July 2025 when threat actors associated with…
A sophisticated Python-based remote access trojan has emerged in the gaming community, disguising itself as…
The SideWinder advanced persistent threat group has emerged with a sophisticated new attack methodology that…