Identified as CVE-2025-59287, the issue stems from the deserialization of untrusted data in a legacy serialization mechanism, allowing unauthorized attackers to execute arbitrary code over the network.
The patch, released on October 23, 2025, addresses the critical threat just days after the vulnerability’s initial disclosure on October 14.
The flaw, rated critical with a CVSS 3.1 base score of 9.8, requires no user privileges or interaction, making it highly exploitable via the network with low complexity.
Attackers could send crafted events to trigger unsafe deserialization, potentially leading to full system compromise and severe impacts on confidentiality, integrity, and availability.
While WSUS is not enabled by default on Windows servers, thus sparing unmodified systems, organizations running the server role for update management face immediate risk if unpatched.
Microsoft’s security team updated the CVE’s temporal score to 8.8 after confirming the availability of proof-of-concept (PoC) exploit code, elevating the exploitability assessment to “more likely.”
No active exploitation in the wild has been reported yet, but the public disclosure of PoC code underscores the urgency for administrators to act.
The vulnerability was responsibly reported by researchers from MEOW and CODE WHITE GmbH, including Markus Wulftange, who identified the deserialization weakness tied to CWE-502.
The October 23 update is available through Windows Update, Microsoft Update, and the Microsoft Update Catalog for standalone downloads.
It will also sync automatically with WSUS environments. However, installation requires a server reboot, which could disrupt operations in production settings.
For those unable to patch immediately, Microsoft recommends temporary workarounds: disable the WSUS server role entirely, halting client updates in the process, or block inbound traffic to ports 8530 and 8531 at the host firewall level to neutralize the service.
This release highlights ongoing challenges in legacy components like WSUS, which many enterprises still rely on for centralized patch management.
Security experts urge organizations to review their WSUS configurations and prioritize the update to prevent potential breaches.
An updated Windows Update offline scan file (Wsusscn2.cab) is now available to aid detection. As cybersecurity threats evolve, this incident serves as a reminder of the importance of timely patching in enterprise environments. Microsoft continues to monitor for any emerging exploits.
| Affected Version | Patch KB Number | Notes |
|---|---|---|
| Windows Server 2012 | KB5070887 | Standard and Server Core |
| Windows Server 2012 R2 | KB5070886 | Standard and Server Core |
| Windows Server 2016 | KB5070882 | Standard and Server Core |
| Windows Server 2019 | KB5070883 | Standard and Server Core |
| Windows Server 2022 | KB5070884 | Standard and Server Core |
| Windows Server 2022, 23H2 Edition | KB5070879 | Server Core installation |
| Windows Server 2025 | KB5070881 | Standard and Server Core |
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post Microsoft Releases Emergency Patch For Windows Server Update Service RCE Vulnerability appeared first on Cyber Security News.
This article contains spoilers for Resident Evil Requiem. Resident Evil Requiem finally sees the series…
From ARC Raiders to Escape From Duckov, extraction shooters seem to be enjoying something of…
It's a very exciting time for the Pokémon community with the reveal of the 10th…
People walk past blooming trees on the Harvard University campus in Cambridge, Massachusetts, in April…
NASA announced at a press conference on Friday that it's delaying its plans for a…
US President Donald Trump (R) looks on as US Secretary of Defense Pete Hegseth speaks…
This website uses cookies.