Microsoft releases urgent fix for actively exploited WSUS vulnerability (CVE-2025-59287)

Source: Help Net Security

Author: Zeljka Zorz

URL: https://www.helpnetsecurity.com/2025/10/24/wsus-vulnerability-cve-2025-59287-exploited/

ONE SENTENCE SUMMARY:

Microsoft issued an out-of-band update addressing the critical CVE-2025-59287 vulnerability in WSUS, urging immediate implementation due to exploitation risks.

MAIN POINTS:

1. Microsoft released a security update for the CVE-2025-59287 vulnerability.
2. WSUS helps manage and distribute Microsoft updates across networks.
3. The vulnerability allows remote code execution without user interaction.
4. Only affects Windows Server machines with WSUS Server role enabled.
5. Initial fix was incomplete, prompting an additional update.
6. Proper network configuration should prevent Internet exploitation.
7. Exploitation can occur if attackers access the internal network.
8. Updated WSUS servers could distribute malicious updates.
9. Immediate update installation is advised; disable WSUS if not possible.
10. The update supersedes all previous for affected versions.

TAKEAWAYS:

1. Implement the update urgently to prevent exploitation risks.
2. WSUS should operate behind firewalls to mitigate Internet threats.
3. Administrators should consider disabling WSUS if immediate updates aren’t feasible.
4. The update is cumulative, requiring no prior patches.
5. Awareness of network security configurations is critical to safeguard against potential attacks.