Microsoft issued an emergency patch for a critical vulnerability in Windows Server Update Services (WSUS), addressing a remote code execution (RCE) flaw affecting Windows Server versions from 2012 to 2025.
Patch Details
The vulnerability arises from insecure deserialization of untrusted data within WSUS, allowing attackers to execute arbitrary code. Microsoft assigned a maximum severity rating of "Critical" to this flaw. The update, released out-of-band, includes October's patches where applicable and requires a system reboot.
- Insecure deserialization: Main cause of the vulnerability.
- Affected versions: Windows Server 2012-2025.
- Severity: Rated as "Critical" by Microsoft.
- Recommendation: Apply patch or take mitigating actions.
Recommended Actions
Administrators unable to immediately apply this patch are advised to disable the WSUS role on their servers, which will cease client updates, or to block inbound traffic to ports 8530 and 8531 to mitigate potential exploitation.
Microsoft urges administrators to switch to alternative solutions like its cloud-based Intune service, given WSUS's status of no new active development, despite continued support following user feedback.
Future Considerations
This update highlights ongoing security concerns for unsupported components like WSUS in Windows Server. The vulnerability's public proof-of-concept has intensified the urgency for server administrators to address this security threat promptly.
