At least 50 organizations in the U.S. have been targeted by attacks exploiting a significant vulnerability in Windows Server Update Service (WSUS), according to cybersecurity firm Sophos. This vulnerability, identified as CVE-2025-59287, involves the deserialization of untrusted data. Despite a security update released by Microsoft in mid-October, it failed to protect against these threats, prompting…

Microsoft has issued a critical security update aimed at addressing a remote code execution vulnerability that affects multiple versions of Windows Server Update Services (WSUS). This vulnerability had not been fully resolved in a prior update, prompting the intervention from the Cybersecurity and Infrastructure Security Agency (CISA). CISA is urging organizations to follow Microsoft’s guidance…

Windows Server 2025 is currently vulnerable to a Remote Code Execution exploit through the Windows Update Service, with Microsoft yet to provide a complete fix. Reports indicate that a prior attempt to patch the vulnerability failed to prevent exploitation, and this contradicts Microsoft’s claim that the issue hadn’t been publicly disclosed. The exploit, similar to…

Network defenders are urged to address a newly discovered critical vulnerability in Windows Server Update Services (WSUS) that is currently being exploited. Microsoft released an out-of-band update to rectify this issue last Thursday, coinciding with reports from Huntress of threat actors actively targeting WSUS instances accessible through their default ports, 8530 and 8531. The vulnerability,…

Security researchers at Huntress have detected the real-time exploitation of a remote code execution (RCE) vulnerability in Windows Server Update Services (WSUS), which Microsoft recently addressed with an out-of-band security patch designated as CVE-2025-59287. WSUS is a crucial tool employed by enterprise administrators to manage and distribute updates throughout corporate networks. The vulnerability arises from…

Security researchers are raising alarms about a serious vulnerability in Microsoft Windows Server Update Service (WSUS) that hackers have been exploiting. This vulnerability, identified as CVE-2025-59287, stems from the deserialization of untrusted data, potentially allowing intruders to execute unauthorized code. The threat landscape is concerning. Reports from Huntress indicate that attackers are already taking advantage…

Microsoft recently issued out-of-band patches to address a critical vulnerability in the Windows Server Update Service (WSUS), identified as CVE-2025-59287. This vulnerability, known for allowing remote code execution with SYSTEM privileges, was not fully rectified by earlier patches released on October 14. As a result, attackers have begun exploiting this flaw in the wild following…

Microsoft has recently issued out-of-band security updates to address a critical-severity vulnerability in the Windows Server Update Service (WSUS), identified as CVE-2025-59287. This vulnerability, rated at a CVSS score of 9.8, allows for remote code execution through a flaw originally patched during last week’s Patch Tuesday. The exploitation of this vulnerability is particularly concerning as…

In recent days, reports have surfaced regarding a critical bug in the Windows Recovery Environment (WinRE) that renders USB devices non-functional. Microsoft has already issued a patch for this specific issue, but now it has also addressed another significant problem impacting multiple versions of Windows. According to Microsoft’s Windows Release Health dashboard, a fix is…