Critical WSUS RCE Flaw in Windows Server Exploited Now
⚠️Microsoft confirmed attackers are exploiting a critical Windows Server Update Service vulnerability tracked as CVE-2025-59287, a remote code execution flaw that affects servers running the WSUS Server role when configured as an update source for other WSUS servers. The bug can be abused remotely with low complexity and no user interaction to run code as SYSTEM, raising wormable concerns. Microsoft released out-of-band patches for all affected Windows Server versions and advised immediate installation or temporary disabling of the WSUS Server role; public proof-of-concept code and active scanning have been observed in the wild.
