Overview
A critical remote code execution vulnerability (CVE-2025-59287) has been identified in Windows Server Update Services (WSUS), stemming from the unsafe deserialization of untrusted data. The flaw allows a remote, unauthenticated attacker to send a crafted payload to the WSUS service and execute arbitrary code with SYSTEM-level privileges on affected servers. Successful exploitation could result in full compromise of the WSUS host and enable attackers to distribute malicious updates to all connected systems, potentially impacting the entire enterprise network. Microsoft released a security patch in October 2025; applying the update immediately and enforcing strict access controls is strongly recommended.
AFFECTED SYSTEMS
- Windows Server 2012 and 2012 R2 (including Server Core installations)
- Windows Server 2016 (including Server Core installations)
- Windows Server 2019 (including Server Core installations)
- Windows Server 2022 (including 23H2 and Server Core installations)
- Windows Server 2025 (including Server Core…..



