Microsoft issues emergency Windows server security patch - update now or risk attack


  • Microsoft issues emergency patch for a critical WSUS flaw enabling remote code execution
  • CVE-2025-59287 allows unauthenticated attackers to gain SYSTEM privileges without user interaction
  • An out-of-band update was released after public exploit code surfaced online

Microsoft has issued an emergency Windows server security patch to fix a critical-severity flaw that has apparently been abused in the wild.

As part of its most recent Patch Tuesday cumulative update (October 14, 2025), Microsoft addressed CVE-2025-59287, a “deserialization of untrusted data” flaw found in Windows Server Update Services (WSUS).

WSUS allows IT admins to manage the patching of computers within their network. The flaw was given a severity score of 9.8/10 (critical), as it apparently allows for remote code execution (RCE) attacks. It can be abused in low-complexity attacks, without user interaction, granting unauthenticated, unprivileged threat actors the ability to run malicious code with SYSTEM privileges. In theory, it would allow them to pivot and infect other WSUS servers, too.

Mitigations and workarounds

Microsoft has now released an out-of-band (OOB) security update, after spotting publicly available proof-of-concept (PoC) code.

Although the Patch Tuesday update already included a fix for CVE-2025-59287, Microsoft issued an out-of-band update to urgently alert administrators and ensure immediate installation after the public exploit became available.

“If you haven't installed the October 2025 Windows security update yet, we recommend you apply this OOB update instead,” Microsoft explained in a security advisory. “After you install the update you will need to reboot your system.”

There is also a way to mitigate the risk: Microsoft noted that Windows servers without the WSUS server role enabled are not vulnerable. “If the WSUS server role is enabled, the server will become vulnerable if the fix is not installed before the WSUS server role is enabled,” Microsoft explained.

Available workarounds include disabling the WSUS Server Role, or blocking all inbound traffic to ports 8530 and 8531 on the host firewall. In that case, though, Windows endpoints will stop receiving updates.
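The workaround described above can be checked and applied from an elevated PowerShell session on the server. The script below is an added example, not Microsoft's or the article's own code; the rule name and the `-ApplyBlock` switch are illustrative assumptions, and `UpdateServices` is the Windows feature name of the WSUS server role.

```powershell
# Added example: audit a server for the WSUS exposure and optionally apply
# the firewall workaround (block inbound TCP 8530/8531 on the host firewall).
[CmdletBinding()]
param(
    [switch]$ApplyBlock   # illustrative switch: create the block rule instead of only reporting
)

$ports    = 8530, 8531                                   # WSUS ports named in the article
$ruleName = 'Block WSUS inbound (CVE-2025-59287)'        # constructed rule name

# 1. Servers without the WSUS server role are not vulnerable.
$role = Get-WindowsFeature -Name UpdateServices
if (-not $role.Installed) {
    Write-Output 'WSUS server role is not installed: this server is not exposed.'
    return
}
Write-Output 'WSUS server role is installed: install the update or apply a workaround.'

# 2. Report which of the WSUS ports are actually listening.
$listening = Get-NetTCPConnection -State Listen -LocalPort $ports -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty LocalPort -Unique
if ($listening) {
    Write-Output ("Listening WSUS ports: " + ($listening -join ', '))
} else {
    Write-Output 'Neither 8530 nor 8531 is listening right now.'
}

# 3. Check for an existing block rule; create it only when asked to.
$rule = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue
if ($rule) {
    Write-Output "Block rule already present (enabled: $($rule.Enabled))."
} elseif ($ApplyBlock) {
    # Clients stop receiving updates from this server while the rule is active.
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Action Block `
        -Protocol TCP -LocalPort $ports | Out-Null
    Write-Output 'Block rule created for inbound TCP 8530 and 8531.'
} else {
    Write-Output 'No block rule found. Re-run with -ApplyBlock to create one.'
}
```

Once the update is installed and the server rebooted, `Remove-NetFirewallRule -DisplayName` with the same rule name restores update delivery to endpoints.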

Microsoft also added that WSUS will no longer show synchronization error details after installing the update, since the functionality was temporary in the first place.

Via BleepingComputer



Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
