Microsoft Releases Emergency Patch For Windows Server Update Service RCE Vulnerability
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
Microsoft has rolled out an out-of-band emergency patch for a remote code execution (RCE) vulnerability affecting the Windows Server Update Services (WSUS).<\/p>\n
Identified as CVE-2025-59287<\/a>, the issue stems from the deserialization of untrusted data in a legacy serialization mechanism, allowing unauthorized attackers to execute arbitrary code over the network.<\/p>\n The patch, released on October 23, 2025<\/a>, addresses the critical threat just days after the vulnerability\u2019s initial disclosure on October 14.<\/p>\n The flaw, rated critical with a CVSS 3.1 base score of 9.8, requires no user privileges or interaction, making it highly exploitable via the network with low complexity. <\/p>\n Attackers could send crafted events to trigger unsafe deserialization, potentially leading to full system compromise and severe impacts on confidentiality, integrity, and availability.<\/p>\n While WSUS is not enabled by default on Windows servers, thus sparing unmodified systems, organizations running the server role for update management face immediate risk if unpatched.<\/p>\n Microsoft\u2019s security team updated the CVE\u2019s temporal score to 8.8 after confirming the availability of proof-of-concept (PoC) exploit code, elevating the exploitability assessment to \u201cmore likely.\u201d <\/p>\n No active exploitation in the wild has been reported yet, but the public disclosure of PoC code<\/a> underscores the urgency for administrators to act.<\/p>\n The vulnerability was responsibly reported by researchers from MEOW and CODE WHITE GmbH, including Markus Wulftange, who identified the deserialization weakness tied to CWE-502.<\/p>\n The October 23 update is available through Windows Update, Microsoft Update, and the Microsoft Update Catalog for standalone downloads. <\/p>\n It will also sync automatically with WSUS environments. However, installation requires a server reboot, which could disrupt operations in production settings. <\/p>\n For those unable to patch immediately, Microsoft recommends temporary workarounds: disable the WSUS server role entirely, halting client updates in the process, or block inbound traffic to ports 8530 and 8531 at the host firewall level to neutralize the service.<\/p>\n This release highlights ongoing challenges in legacy components like WSUS, which many enterprises still rely on for centralized patch management. <\/p>\n Security experts urge organizations to review their WSUS configurations and prioritize the update to prevent potential breaches. <\/p>\n An updated Windows Update<\/a> offline scan file (Wsusscn2.cab) is now available to aid detection. As cybersecurity threats evolve, this incident serves as a reminder of the importance of timely patching in enterprise environments. Microsoft continues to monitor for any emerging exploits.<\/p>\n Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for daily cybersecurity updates. Contact us<\/a> to feature your stories.<\/strong><\/p>\n The post Microsoft Releases Emergency Patch For Windows Server Update Service RCE Vulnerability<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\nVulnerability Exposes WSUS Servers To Remote Attacks<\/strong><\/h2>\n