🚨 CRITICAL advisory

WSUS CVE-2025-59287: Exploitation Hits Multiple Orgs (The Register)

The Register reports active exploitation of WSUS CVE-2025-59287, with telemetry noting ~100,000 exploitation hits in seven days and ~500,000 internet-facing servers with WSUS enabled. Google’s GTIG tracks UNC6512 activity, with reconnaissance and exfiltration observed.

🎯 CORTEX Protocol Intelligence Assessment

Business Impact: A WSUS compromise puts every downstream client at risk, since the server can be abused to distribute tampered software to the fleet it updates.

Technical Context: Insecure deserialization reachable through the GetCookie and ReportingWebService endpoints; exploitation was observed after the emergency patch was released.

Strategic Intelligence Guidance

  • Apply Microsoft’s out-of-band patch and verify WSUS isolation
  • Block inbound access to ports 8530/8531 from untrusted networks
  • Hunt for PowerShell child processes of wsusservice.exe/w3wp.exe
  • Audit update approvals for malicious package injection
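As an added example (not from The Register's report or the CORTEX assessment), a small hunt that applies the third guidance item to process-creation telemetry: it flags PowerShell hosts whose parent is wsusservice.exe or w3wp.exe, accepting both Sysmon Event ID 1 and Windows Security Event ID 4688 field names. The log records, host names and command lines are constructed samples.

```python
import json

# Parent processes named in the guidance above: a PowerShell child of either is
# anomalous on a WSUS server and worth triage.
WSUS_PARENTS = {"wsusservice.exe", "w3wp.exe"}
POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe"}

# Constructed sample records, not real telemetry. The first two mimic Sysmon
# Event ID 1 (Image/ParentImage); the last two mimic Security Event ID 4688
# (NewProcessName/ParentProcessName) so one hunt covers both sources.
SAMPLE_LOG = "\n".join(json.dumps(e) for e in [
    {"EventID": 1, "Computer": "wsus01",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Program Files\Update Services\Service\WsusService.exe",
     "CommandLine": "powershell.exe -NoProfile -Command <constructed>"},
    {"EventID": 1, "Computer": "wsus01",
     "Image": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "ParentImage": r"C:\Windows\System32\svchost.exe", "CommandLine": "w3wp.exe"},
    {"EventID": 4688, "Computer": "wsus02",
     "NewProcessName": r"C:\Program Files\PowerShell\7\pwsh.exe",
     "ParentProcessName": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "CommandLine": "pwsh.exe -c <constructed>"},
    {"EventID": 4688, "Computer": "wsus02",
     "NewProcessName": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentProcessName": r"C:\Windows\System32\svchost.exe",
     "CommandLine": "powershell.exe -File C:\\scripts\\nightly.ps1"},
])

def _basename(path: str) -> str:
    """Lowercase file name from a Windows path (either separator)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def _child_parent(event: dict):
    """Normalise Sysmon and 4688 field names to (child, parent) basenames."""
    child = event.get("Image") or event.get("NewProcessName") or ""
    parent = event.get("ParentImage") or event.get("ParentProcessName") or ""
    return _basename(child), _basename(parent)

def is_suspicious(event: dict) -> bool:
    """True when a PowerShell host is spawned by a WSUS service process."""
    child, parent = _child_parent(event)
    return parent in WSUS_PARENTS and child in POWERSHELL_IMAGES

def hunt(log_text: str) -> list:
    """Return (computer, parent, child, command line) for each hit in JSON-lines input."""
    hits = []
    for line in filter(str.strip, log_text.splitlines()):
        event = json.loads(line)
        if is_suspicious(event):
            child, parent = _child_parent(event)
            hits.append((event.get("Computer", "?"), parent, child, event.get("CommandLine", "")))
    return hits

if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print("SUSPICIOUS host=%s parent=%s child=%s cmd=%s" % hit)
```

A hit is a triage lead, not proof of compromise; the page's other items (patch status, inbound 8530/8531 exposure, update approvals) decide what follows.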

CVEs

CVE-2025-59287

Vendors

Microsoft

Threats

UNC6512

Targets

Windows Server (WSUS)

Impact

Data Volume: N/A
Financial: N/A