Attackers are now exploiting a critical-severity Windows Server Update Services (WSUS) vulnerability, which already has publicly available proof-of-concept exploit code.
Tracked as CVE-2025-59287, this remote code execution (RCE) flaw affects only Windows servers with the WSUS Server role enabled to act as an update source for other WSUS servers within the organization (a feature that isn't enabled by default).
Threat actors can exploit this vulnerability remotely in low-complexity attacks that don't require privileges or user interaction, allowing them to run malicious code with SYSTEM privileges. Under these conditions, the security flaw could also be wormable between WSUS servers.
On Thursday, Microsoft released out-of-band security updates for all impacted Windows Server versions to "comprehensively address CVE-2025-59287," and advised IT administrators to install them as soon as possible:
Windows Server 2025 (KB5070881)
Windows Server, version 23H2 (KB5070879)
Windows Server 2022 (KB5070884)
Windows Server 2019 (KB5070883)
Windows Server 2016 (KB5070882)
Windows Server 2012 R2 (KB5070886)
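To triage a server against the list above, the following PowerShell is an added example (not Microsoft's tooling and not part of the original article) that reports whether the WSUS Server role is installed and whether one of the listed out-of-band KBs appears in the installed hotfix list. The function name and status labels are hypothetical, and it assumes a Windows Server host where the ServerManager module provides `Get-WindowsFeature`.

```powershell
# Added example: triage one host for the CVE-2025-59287 out-of-band updates.
# KB IDs are taken from the list in the article; everything else is illustrative.
$OobKbs = @(
    'KB5070881',  # Windows Server 2025
    'KB5070879',  # Windows Server, version 23H2
    'KB5070884',  # Windows Server 2022
    'KB5070883',  # Windows Server 2019
    'KB5070882',  # Windows Server 2016
    'KB5070886'   # Windows Server 2012 R2
)

function Test-WsusOobPatch {          # hypothetical helper name
    [CmdletBinding()]
    param([string[]]$KbIds = $OobKbs)

    # The flaw only applies where the WSUS Server role is present.
    $role = Get-WindowsFeature -Name UpdateServices -ErrorAction SilentlyContinue
    $wsusInstalled = [bool]($role -and $role.Installed)

    # Each KB is specific to one OS release, so any match is this host's update.
    $found = @(Get-HotFix | Where-Object { $KbIds -contains $_.HotFixID })

    # Assumption: a later update that supersedes these KBs will not match here,
    # so 'ReviewNeeded' means "verify manually", not "confirmed vulnerable".
    $status = if (-not $wsusInstalled) { 'NotApplicable' }
              elseif ($found.Count -gt 0) { 'Patched' }
              else { 'ReviewNeeded' }

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        WsusRoleInstalled = $wsusInstalled
        MatchingKbs       = ($found.HotFixID -join ',')
        Status            = $status
    }
}

Test-WsusOobPatch
```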