{"id":18116,"date":"2025-11-04T03:36:23","date_gmt":"2025-11-04T03:36:23","guid":{"rendered":"https:\/\/sekuritasit.com\/?p=18116"},"modified":"2025-11-04T03:36:23","modified_gmt":"2025-11-04T03:36:23","slug":"microsoft-windows-server-update-service-remote-code-execution-vulnerability","status":"publish","type":"post","link":"https:\/\/sekuritasit.com\/index.php\/2025\/11\/04\/microsoft-windows-server-update-service-remote-code-execution-vulnerability\/","title":{"rendered":"Microsoft Windows Server Update Service Remote Code Execution Vulnerability"},"content":{"rendered":"\n\n\n\n <\/colgroup>\n\n\n\n\n
\n

\n What is the Vulnerability?\n <\/p>\n<\/td>\n

\n

\n CVE-2025-59287 is a critical unauthenticated remote code execution (RCE) vulnerability affecting Windows Server Update Services (WSUS). The flaw stems from unsafe deserialization of untrusted data, allowing attackers to execute arbitrary code on vulnerable servers without authentication.\n <\/p>\n

\n A public proof-of-concept exploit has been released, and CISA has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, emphasizing active exploitation in the wild.\n <\/p>\n

\n Organizations should prioritize immediate patching or isolation of any internet-facing or exposed WSUS servers to prevent compromise.\n <\/p>\n<\/td>\n<\/tr>\n

\n

\n What is the recommended Mitigation?\n <\/p>\n<\/td>\n

\n

\n The vulnerability impacts Windows Server installations with the WSUS role enabled, including Windows Server 2012, 2012 R2, 2016, 2019, 2022, and 2025.\n <\/p>\n

    \n
  • \n

    \n Apply Microsoft\u2019s out-of-band security update released on October 23, 2025 (referenced in Microsoft\u2019s official advisory and KB documentation).\n <\/p>\n<\/li>\n

  • \n

    \n Restrict network access to WSUS servers, ensuring they are not exposed to untrusted or external networks.\n <\/p>\n<\/li>\n

  • \n

    \n Review system logs for unusual activity or unauthorized WSUS access attempts.\n <\/p>\n<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n

\n

\n What FortiGuard Coverage is available?\n <\/p>\n<\/td>\n

\n