Microsoft Releases Urgent Patch for Critical WSUS Vulnerability CVE-2025-59287 Under Active Exploitation

Microsoft has released urgent updates to address a critical Remote Code Execution (RCE) vulnerability, CVE-2025-59287, affecting Windows Server Update Services (WSUS). This vulnerability, with a CVSS score of 9.8, is currently being actively exploited. Researchers MEOW and Markus Wulftange from CODE WHITE GmbH reported the flaw, prompting Microsoft to issue an out-of-band patch. WSUS is a crucial service for managing and distributing updates within an organization, making this vulnerability particularly dangerous as it could allow attackers to execute code remotely on multiple systems. The high CVSS score indicates that exploitation is relatively easy and the impact is significant, potentially leading to widespread compromise within an organization's network. Cybersecurity professionals are advised to prioritize patching this vulnerability immediately to mitigate the risk of exploitation. Additionally, organizations should monitor their networks for any signs of exploitation and ensure their incident response plans are up to date. This vulnerability underscores the importance of timely patch management and robust network monitoring to prevent large-scale breaches and significant damage.