Microsoft has released a critical security patch to address a severe remote code execution vulnerability affecting Windows Server Update Services (WSUS).
The flaw, tracked as CVE-2025-59287, poses an immediate threat to organizations managing Windows updates across their infrastructure.
| Attribute | Details |
| CVE ID | CVE-2025-59287 |
| Released | October 14, 2025 |
| Last Updated | October 23, 2025 |
| Vulnerability Type | Remote Code Execution |
| Weakness | CWE-502: Deserialization of Untrusted Data |
| CVSS 3.1 Score | 9.8 (Critical) |
With a maximum CVSS score of 9.8, this vulnerability requires immediate attention from system administrators and IT security teams worldwide.
Understanding the Vulnerability
Windows Server Update Services is a crucial component in enterprise environments, allowing administrators to manage and distribute security updates across multiple computers from a centralized location.
The newly discovered vulnerability exists in how WSUS handles deserialization of untrusted data, a common attack vector that can allow attackers to execute arbitrary code on affected systems.
The vulnerability requires no authentication or user interaction to exploit, making it particularly dangerous.
An attacker with network access to a WSUS server could potentially execute commands with the same privileges as the WSUS service account.
This could lead to complete compromise of the update infrastructure and potentially affect thousands of connected systems across an organisation .
The critical nature of this flaw cannot be overstated. WSUS environments are trusted components within corporate networks, and their compromise could allow threat actors to distribute malicious updates or gain deep persistence within an organisation’s IT infrastructure.
The CVSS 3.1 vector string reveals a network-based attack with low complexity, no privileges required, and high impact on confidentiality, integrity, and availability of systems.
Microsoft classified this vulnerability as critical with an exploitability rating of “Probable,” indicating that working exploit code is likely to be developed or already exists.
The attack could propagate rapidly across environments where WSUS is widely deployed, making swift patching essential.
Organizations operating WSUS infrastructure should prioritize applying Microsoft’s security patch immediately.
System administrators should review their WSUS deployment topology, assess network segmentation, and consider implementing additional monitoring around WSUS servers and the update distribution process.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.
