Microsoft has recently released an emergency patch for CVE-2025-59287, a critical remote code execution (RCE) vulnerability in Windows Server Update Services (WSUS). According to the Cybersecurity and Infrastructure Security Agency (CISA), a remote attacker who successfully exploits the vulnerability can execute malicious code with SYSTEM rights.
The vulnerability affects Windows servers with the WSUS Server role enabled, which is used to distribute updates within organizations. Systems without this role are not vulnerable. Microsoft has warned that if the WSUS role is enabled before the fix is applied, the system could be quickly and easily exposed.
CISA has issued an urgent binding order requiring federal agencies to patch affected systems within 2 weeks, in light of exploitation attempts currently underway. The agency also requested that all organizations implement Microsoft's mitigation guidance without delay.
Active Exploitation and Global Impact of CVE-2025-59287
Security experts at Eye Security and Huntress Labs confirmed that exploitation is in progress. Eye Security noted approximately 2,500 WSUS servers still publicly exposed globally, mainly in Germany and the Netherlands. Huntress shared that the attackers are using PowerShell reconnaissance commands (namely whoami, net user /domain, and ipconfig /all) to exfiltrate data from the internal network.
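For defenders, the three reconnaissance commands Huntress names can be correlated in process-creation logs. The following is an added example, not code from Microsoft, CISA, Huntress or Eye Security: it flags any host on which all three commands appear within a short window. The log line format, host names and the five-minute window are assumptions, and the sample events are constructed.

```python
import re
from datetime import datetime, timedelta

# Recon commands named in the article; patterns tolerate paths, ".exe" and extra spaces.
RECON = {
    "whoami": re.compile(r"(?:^|[\\/\s\"'])whoami(?:\.exe)?(?=$|[\s\"'])", re.I),
    "net user /domain": re.compile(r"(?:^|[\\/\s\"'])net1?(?:\.exe)?[\"']?\s+user\s+/domain\b", re.I),
    "ipconfig /all": re.compile(r"(?:^|[\\/\s\"'])ipconfig(?:\.exe)?[\"']?\s+/all\b", re.I),
}

# Constructed sample events: "ISO-timestamp host command-line" (assumed format).
SAMPLE = """\
2025-01-01T10:00:01 WSUS01 cmd.exe /c whoami
2025-01-01T10:00:04 WSUS01 C:\\Windows\\System32\\net.exe  user /domain
2025-01-01T10:00:09 WSUS01 powershell -c "ipconfig /all"
2025-01-01T09:00:00 FILE02 ipconfig /all
2025-01-01T13:30:00 FILE02 whoami
2025-01-01T10:05:00 APP03 net user localadmin
"""

def parse_events(text):
    """Yield (timestamp, host, command line); skip lines that do not fit the format."""
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2]

def recon_hits(cmdline):
    """Return the names of the recon commands found in one command line."""
    return {name for name, rx in RECON.items() if rx.search(cmdline)}

def find_recon_bursts(text, window=timedelta(minutes=5)):
    """Map host -> start time of the first window containing all three commands."""
    per_host = {}
    for ts, host, cmd in parse_events(text):
        for name in recon_hits(cmd):
            per_host.setdefault(host, []).append((ts, name))
    flagged = {}
    for host, hits in per_host.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            seen = {n for t, n in hits[i:] if t - start <= window}
            if seen == set(RECON):  # all three commands inside one window
                flagged[host] = start
                break
    return flagged

if __name__ == "__main__":
    print(find_recon_bursts(SAMPLE))
```

Any one of these commands alone is routine administrator activity; the signal is the burst of all three on a server that holds the WSUS role.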
Microsoft has rated CVE-2025-59287 as "Exploitation More Likely" due to its wormable potential across WSUS servers. The company also stressed that immediate action is needed because any WSUS server whose WSUS port is exposed can be compromised remotely, with no user interaction and no elevated privileges.
Because active attacks and proof-of-concept code are circulating, CISA and Microsoft advise all administrators to deploy the emergency update for CVE-2025-59287 as soon as possible or implement temporary mitigations to guard against ongoing attacks. It's important to incorporate security in the first place rather than being late!