Rapid Reads News


Microsoft WSUS: Emergency Update Patches Critical Code Injection Vulnerability

By Dirk Knop

On Friday morning, Microsoft released an emergency update for a critical security vulnerability in WSUS. An exploit has been spotted.

Microsoft released an out-of-band update for Windows Server Update Services (WSUS) early Friday morning. According to Microsoft, it correctly closes a critical security vulnerability that attackers could use to inject and execute malicious code. A proof-of-concept exploit has reportedly surfaced. Admins should therefore act quickly and apply the new patch.

This is indicated by an entry in the Windows Release Health Message Center, posted at 4 AM Central European Summer Time on Friday morning. "Microsoft has discovered a remote code execution vulnerability (RCE) in the reporting web service of Windows Server Update Services (WSUS)," the developers write. "An out-of-band (OOB) update was released on October 23rd to address the issue." Due to the time difference, it was still Thursday on the US Pacific coast at the time of the report. Microsoft further explains: "This is a cumulative update. If you have not yet installed the Windows security updates from October, we recommend applying the out-of-band update instead." A restart is required after the update.

Microsoft already released a software patch to close the vulnerability with the October Patch Day. The description of the vulnerability states: "Deserializing untrusted data in Windows Server Update Service allows an unauthenticated attacker to execute code over a network" (CVE-2025-59287, CVSS 9.8, Risk "critical").

Contrary to the entry in the Message Center, the developers write that customers with Windows servers should apply the out-of-band update to fully fix the vulnerability. They also mention a workaround that should definitely be applied until the updates are installed: either admins disable WSUS, or they block access to its ports 8530 and 8531 on the host firewall, making it unreachable.
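The firewall variant of that workaround can be scripted on the WSUS host. The following is an added example, not taken from Microsoft's advisory or the original article; the rule name is a hypothetical choice, and it assumes an elevated PowerShell session on a Windows Server with the built-in Windows Firewall in use.

```powershell
#Requires -RunAsAdministrator
# Added example: temporary host-firewall block for the WSUS ports named in
# the article (CVE-2025-59287), to be used until the out-of-band update is installed.

$WsusPorts = 8530, 8531                          # ports from the article
$RuleName  = 'TEMP-Block-WSUS-CVE-2025-59287'    # hypothetical rule name

# 1. Only act on hosts that actually carry the WSUS server role.
$role = Get-WindowsFeature -Name UpdateServices
if (-not $role.Installed) {
    Write-Output 'WSUS role is not installed on this host; nothing to block.'
    return
}

# 2. Show which WSUS ports are currently listening (informational).
Get-NetTCPConnection -State Listen -LocalPort $WsusPorts -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess |
    Format-Table -AutoSize

# 3. A block rule has no effect on a profile where the firewall is switched off.
$disabled = Get-NetFirewallProfile | Where-Object { -not $_.Enabled }
if ($disabled) {
    Write-Warning ("Windows Firewall is disabled for profile(s): " +
                   ($disabled.Name -join ', ') + ". The block rule will not apply there.")
}

# 4. Create the inbound block rule once (idempotent). In Windows Firewall,
#    block rules take precedence over the allow rules for these ports.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName `
        -Description 'Temporary workaround until the WSUS out-of-band update is installed' `
        -Direction Inbound -Action Block -Protocol TCP `
        -LocalPort $WsusPorts -Profile Any | Out-Null
}

# 5. Verify the rule is enabled and covers both ports.
Get-NetFirewallRule -DisplayName $RuleName |
    Select-Object DisplayName, Enabled, Direction, Action
Get-NetFirewallRule -DisplayName $RuleName | Get-NetFirewallPortFilter |
    Select-Object Protocol, LocalPort

# After the update is installed and the server has restarted, remove the rule:
#   Remove-NetFirewallRule -DisplayName 'TEMP-Block-WSUS-CVE-2025-59287'
```

While the rule is active, WSUS is unreachable, so clients will not receive updates from this server until the rule is removed.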

The update is available for various servers:

This is already the second unplanned update in October. On Tuesday, Microsoft released an out-of-band update that fixes a problem with the Windows Recovery Environment. The latter could no longer be operated with USB keyboards and mice after the October security patches.
