{“lastseen”:”2025-10-24T16:31:51″,”description”:”\\n\\nMicrosoft on Thursday released out-of-band security updates to patch a critical-severity Windows Server Update Service (WSUS) vulnerability with a proof-of-concept (Poc) exploit publicly available and has reportedly come under active exploitation in the wild.\\n\\nThe vulnerability in question is **CVE-2025-59287** (CVSS score: 9.8), a remote code execution flaw in WSUS that was originally fixed by the tech giant as part of its Patch Tuesday update published last week.\\n\\nThree security researchers, MEOW, f7d8c52bec79e42795cf15888b85cbad, and Markus Wulftange with CODE WHITE GmbH, have been acknowledged for discovering and reporting the bug.\\n\\nThe shortcoming concerns a case of deserialization of untrusted data in WSUS that allows an unauthorized attacker to execute code over a network. It’s worth noting that the vulnerability does not impact Windows servers that do not have the WSUS server role enabled.\\n\\n\\n\\nIn a hypothetical attack scenario, a remote, unauthenticated attacker could send a crafted event that triggers unsafe object deserialization in a \\”legacy serialization mechanism,\\” leading to remote code execution.\\n\\nAccording to HawkTrace security researcher Batuhan Er, the issue \\”arises from the unsafe deserialization of AuthorizationCookie objects sent to the GetCookie() endpoint, where encrypted cookie data is decrypted using AES-128-CBC and subsequently deserialized through BinaryFormatter without proper type validation, enabling remote code execution with SYSTEM privileges.\\”\\n\\nIt’s worth noting that Microsoft itself previously recommended developers to stop using BinaryFormatter for deserialization, owing to the fact that the method is not safe when used with untrusted input. An implementation of BinaryFormatter was subsequently removed from .NET 9 in August 2024.\\n\\n\\”To comprehensively address CVE-2025-59287, Microsoft has released an out of band security update for the following supported versions of Windows Server: Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), and Windows Server 2025,\\” Redmond said in an update.\\n\\nOnce the patch is installed, it’s advised to perform a system reboot for the update to take effect. If applying the out-of-band is not an option, users can take any of the following actions to protect against the flaw -\\n\\n * Disable WSUS Server Role in the server (if enabled)\\n * Block inbound traffic to Ports 8530 and 8531 on the host firewall\\n\\n\\n\\n\\n\\n\\”Do NOT undo either of these workarounds until after you have installed the update,\\” Microsoft warns.\\n\\nThe development comes as the Dutch National Cyber Security Centre (NCSC) said it learned from a \\”trusted partner that abuse of CVE-2025-59287 was observed on October 24, 2025.\\” There are currently no other details on how it’s being abused in real-world attacks.\\n\\nGiven the availability of a PoC exploit, it’s essential that users apply the patch as soon as possible to mitigate potential threats.\\n\\nFound this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.\\n”,”published”:”2025-10-24T16:30:00″,”modified”:”2025-10-24T16:30:31″,”type”:”thn”,”title”:”Microsoft Issues Emergency Patch for Actively Exploited Critical WSUS Vulnerability”,”source”:””,”references”:””,”id”:”THN:EEA3E4CC4AB3D2446AD7630C9BB7B4F1″,”bulletinFamily”:”info”,”cwe”:null,”cvelist”:[“CVE-2025-59287″],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:9.8,”severity”:”CRITICAL”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/thehackernews.com\/2025\/10\/microsoft-issues-emergency-patch-for.html”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-10-24T16:31:51″,”description”:”\\n\\nMicrosoft on Thursday released out-of-band security updates to patch a critical-severity Windows Server Update Service (WSUS) vulnerability with a proof-of-concept (Poc) exploit publicly…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[9,6,8,35,12,13,7,11,43,5],"class_list":["post-23213","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-critical","tag-cve","tag-cvss","tag-cvss-98","tag-exploit","tag-news","tag-security","tag-tapic","tag-thn","tag-vulnerability"],"yoast_head":"\n