10.29.2025

CVE-2025-59287

Alert

Date of Notice: 10/29/2025

Action Level - Critical

Description

Microsoft has announced a critical Remote Code Execution (RCE) vulnerability, CVE-2025-59287, which affects Windows Server Update Services (WSUS) and is currently being actively exploited in the wild. An out-of-band patch has been released. Immediate action is required.

This is a critical vulnerability (CVSS 9.8) caused by a Deserialization of Untrusted Data flaw in WSUS. It allows a remote, unauthenticated attacker to execute arbitrary code with SYSTEM privileges on a vulnerable WSUS server. This vulnerability is extremely concerning due to the potential for an attacker to compromise the core update mechanism of an enterprise network.

Affected Versions

All currently supported Windows Server versions with the WSUS Server Role enabled are affected, specifically:

  • Windows Server 2012 / 2012 R2
  • Windows Server 2016
  • Windows Server 2019
  • Windows Server 2022
  • Windows Server 2025

Attack Vector

The vulnerability is exploited over the network. An attacker sends a specially crafted request to the WSUS server's web services, which triggers unsafe deserialization of an object (specifically related to the AuthorizationCookie), leading to remote code execution.

  • Authentication: Not required (Unauthenticated)
  • Privileges: No privileges required
  • Target Ports: Default WSUS ports (typically 8530/TCP for HTTP and 8531/TCP for HTTPS)

Mitigations

If you cannot apply the security update immediately, the following temporary mitigations stop the exploitation vector but render the WSUS role non-operational. Do not undo them until the patch is fully applied.

  • Block Inbound Traffic: Block inbound network traffic to the WSUS service ports (TCP 8530 and TCP 8531) on the host firewall of the WSUS server. While a perimeter firewall block helps, restricting access at the host level is the recommended short-term mitigation.
  • Disable WSUS Role: Temporarily disable the WSUS Server Role. Note: This will prevent clients from receiving updates.
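
One way to apply and verify the host-firewall block described above on a WSUS server, as an added PowerShell example (not code from Microsoft or MCNC). The rule name and parameter defaults are assumptions, and `$Ports` must be changed if WSUS listens on non-default ports.

```powershell
#Requires -RunAsAdministrator
# Added example: temporary host-firewall mitigation for CVE-2025-59287.
# $Ports and $RuleName are assumptions chosen for this example.
param(
    [int[]]  $Ports    = @(8530, 8531),
    [string] $RuleName = 'TEMP Block WSUS inbound (CVE-2025-59287)'
)

# 1. Only act on servers that actually have the WSUS Server Role installed.
$wsus = Get-WindowsFeature -Name UpdateServices
if (-not $wsus.Installed) {
    Write-Output "WSUS role not installed on $env:COMPUTERNAME; nothing to do."
    return
}

# 2. Record which WSUS ports are listening now, for the change log.
$listening = Get-NetTCPConnection -State Listen -LocalPort $Ports -ErrorAction SilentlyContinue
$listening | Select-Object LocalAddress, LocalPort, OwningProcess | Format-Table -AutoSize

# 3. Create the block rule once (safe to re-run). In Windows Firewall a block
#    rule takes precedence over the allow rules that WSUS setup created.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Block `
        -Protocol TCP -LocalPort $Ports -Profile Any -Enabled True | Out-Null
}

# 4. Verify: the rule must be enabled AND every firewall profile must be on,
#    otherwise the rule exists but filters nothing.
$rule        = Get-NetFirewallRule -DisplayName $RuleName
$profilesOff = Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' }

[pscustomobject]@{
    Computer         = $env:COMPUTERNAME
    RuleEnabled      = ($rule.Enabled -eq 'True')
    BlockedPorts     = ($rule | Get-NetFirewallPortFilter).LocalPort -join ','
    ListeningBefore  = ($listening.LocalPort | Sort-Object -Unique) -join ','
    ProfilesDisabled = ($profilesOff.Name -join ',')
}

if ($profilesOff) {
    Write-Warning "Firewall profile(s) disabled: $($profilesOff.Name -join ', '). The block rule is NOT effective."
}

# After the out-of-band update is installed and the server has rebooted,
# remove the temporary rule:
#   Remove-NetFirewallRule -DisplayName $RuleName
```

Because this blocks all inbound connections to the WSUS ports, clients and downstream servers will not receive updates from this host until the rule is removed.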

Remediations

The only complete and permanent remediation is to apply the latest out-of-band security update released by Microsoft.

  • Apply the Update: Immediately apply the appropriate out-of-band cumulative update for your Windows Server version. This update supersedes the initial, incomplete fix from the October 2025 Patch Tuesday.
  • Reboot: A reboot of the WSUS server is required to complete the mitigation process.

Vendor Resources

For the most accurate and up-to-date information, including direct links to the necessary patches, refer to the official Microsoft Security Update Guide:

Other Resources:

Bleeping Computer

CVE.org

Nist.gov

MCNC
3021 East Cornwallis Road
Durham, NC 27713-2852
919-248-1900 Phone | 919-248-1101 Fax
© 2025 MCNC