Microsoft Windows Server Update Service Remote Code Execution Vulnerability

Blog

Byadmblake November 4, 2025

What is the Vulnerability? CVE-2025-59287 is a critical unauthenticated remote code execution (RCE) vulnerability affecting Windows Server Update Services (WSUS). The flaw stems from unsafe deserialization of untrusted data, allowing attackers to execute arbitrary code on vulnerable servers without authentication. A public proof-of-concept exploit has been released, and CISA has added the vulnerability to its…

What is the Vulnerability?

CVE-2025-59287 is a critical unauthenticated remote code execution (RCE) vulnerability affecting Windows Server Update Services (WSUS). The flaw stems from unsafe deserialization of untrusted data, allowing attackers to execute arbitrary code on vulnerable servers without authentication.

A public proof-of-concept exploit has been released, and CISA has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, emphasizing active exploitation in the wild.

Organizations should prioritize immediate patching or isolation of any internet-facing or exposed WSUS servers to prevent compromise.

What is the recommended Mitigation?

The vulnerability impacts Windows Server installations with the WSUS role enabled, including Windows Server 2012, 2012 R2, 2016, 2019, 2022, and 2025.

Apply Microsoft’s out-of-band security update released on October 23, 2025 (referenced in Microsoft’s official advisory and KB documentation).
Restrict network access to WSUS servers, ensuring they are not exposed to untrusted or external networks.
Review system logs for unusual activity or unauthorized WSUS access attempts.

What FortiGuard Coverage is available?

FortiGuard IPS Service detects and blocks exploit attempts targeting CVE-2025-59287.

Intrusion Prevention | FortiGuard Labs
FortiGuard Endpoint Vulnerability Service provides a systematic and automated method of patching applications on an endpoint, eliminating manual processes while reducing the attack surface.

Endpoint Vulnerability | FortiGuard Labs
The FortiGuard Incident Response team can be engaged to help with any suspected compromise.

Blog

Hacktivist Tied to Multiple Cyber Groups Sentenced to Jail

At one point, Al-Tahery Al-Mashriky was hacking thousands of websites within the span of three months while stealing personal data and sensitive information.

Read More Hacktivist Tied to Multiple Cyber Groups Sentenced to Jail
Blog

IoT Security Flounders Amid Churning Risk

The Internet of Things (IoT) has made everything more interconnected than ever, but an important US government security initiative is stuck in limbo even as threat actors step up attacks on everything from medical gear to printers.

Read More IoT Security Flounders Amid Churning Risk
Blog

Meta Wins Lawsuit Against Spyware Vendor NSO Group

The spyware company must pay the tech giant $168 million in punitive and compensatory damages after a 2019 attack targeting 1,400 devices.

Read More Meta Wins Lawsuit Against Spyware Vendor NSO Group
Blog

Webinar: Why Top Teams Are Prioritizing Code-to-Cloud Mapping in Our 2025 AppSec

Picture this: Your team rolls out some new code, thinking everything’s fine. But hidden in there is a tiny flaw that explodes into a huge problem once it hits the cloud. Next thing you know, hackers are in, and your company is dealing with a mess that costs millions. Scary, right? In 2025, the average…

Read More Webinar: Why Top Teams Are Prioritizing Code-to-Cloud Mapping in Our 2025 AppSec
Blog

Researchers Uncover GPT-5 Jailbreak and Zero-Click AI Agent Attacks Exposing Cloud and IoT Systems

Cybersecurity researchers have uncovered a jailbreak technique to bypass ethical guardrails erected by OpenAI in its latest large language model (LLM) GPT-5 and produce illicit instructions. Generative artificial intelligence (AI) security platform NeuralTrust said it combined a known technique called Echo Chamber with narrative-driven steering to trick the model into producing undesirable

Read More Researchers Uncover GPT-5 Jailbreak and Zero-Click AI Agent Attacks Exposing Cloud and IoT Systems
Blog

Critical Unpatched SharePoint Zero-Day Actively Exploited, Breaches 75+ Global Organizations

A critical security vulnerability in Microsoft SharePoint Server has been weaponized as part of an “active, large-scale” exploitation campaign. The zero-day flaw, tracked as CVE-2025-53770 (CVSS score: 9.8), has been described as a variant of CVE-2025-49706 (CVSS score: 6.3), a spoofing bug in Microsoft SharePoint Server that was addressed by the tech giant as part…

Read More Critical Unpatched SharePoint Zero-Day Actively Exploited, Breaches 75+ Global Organizations

Related