Hackers Exploiting Critical Windows Server Update Service Vulnerability
Category:Vulnerabilities / Microsoft
Security researchers have reported active exploitation of CVE-2025-59287 in Microsoft Windows Server Update Services (WSUS). The flaw allows unauthenticated remote code execution through deserialization of untrusted data. CISA has added the issue to its KEV catalog, urging federal agencies and enterprises to patch immediately. Exploitation has been observed in multiple networks using the WSUS Server Role with open ports 8530/8531.
CORTEX Protocol Intelligence Assessment
Business Impact: High risk of privilege escalation and lateral movement within enterprise networks managing Windows updates. Unpatched systems remain exposed to complete domain compromise. Technical Context: Attackers exploit deserialization in WSUS components to achieve remote code execution and persistent control.
Strategic Intelligence Guidance
- Apply Microsoft’s out-of-band patch immediately.
- Restrict external WSUS exposure and review server role configurations.
- Monitor for exploitation patterns on ports 8530/8531.
- Update asset inventory to flag unpatched WSUS instances.
CVEs
Vendors
Targets
Intelligence Source: Hackers exploiting critical vulnerability in Windows Server Update Service | Cybersecurity Dive | Oct 25, 2025