Microsoft has released an urgent update to address a critical vulnerability in the Windows Server Update Service (WSUS), following a warning from the Cybersecurity and Infrastructure Security Agency (CISA) about active attacks. The flaw, labeled CVE-2025-59287, allows hackers to execute malicious code remotely if left unchecked.
Security Flaw and Urgent Action
Detected by CISA, this vulnerability presents a serious risk by permitting remote code execution. CISA advises federal agencies and organizations to update their WSUS servers immediately. Servers with the WSUS role enabled must apply the patch, as those without the role activated are not affected.
- Microsoft released a security update on 2025-10-23 to mitigate the threat.
- Servers lacking the WSUS role are not vulnerable.
- Organizations should update WSUS guidance and reboot servers post-update.
Recommended Mitigation Steps
CISA mandates agencies to patch within two weeks, while recommending organizations to follow Microsoft's updated guidance to prevent unauthorized remote access. If an immediate update is impossible, disable the WSUS role and block ports 8530 and 8531.
To maintain security, Microsoft instructs against reversing these workaround measures until after the update installation is complete. This directive highlights the urgent need for infrastructure managers to act swiftly to protect their systems.
