
Critical WSUS Vulnerability (CVE-2025-59287) Exploited in the Wild: Urgent Patching Required
Microsoft has released an emergency out-of-band security update to address a critical vulnerability in Windows Server Update Services (WSUS), identified as CVE-2025-59287 with a CVSS score of 9.8. The vulnerability stems from unsafe deserialization of AuthorizationCookie objects sent to the GetCookie() endpoint of WSUS. This issue affects multiple versions of Windows Server, including 2012, 2012 R2, 2016, 2019, 2022, and 23H2 Server Core. The exposed ports are 8530 (HTTP) and 8531 (HTTPS).

Deserialization vulnerabilities are particularly dangerous because successful exploitation can lead to remote code execution (RCE). Given the critical role of WSUS in enterprise environments, a compromise could allow attackers to distribute malicious updates or gain control over the update process, leading to widespread infections.

The vulnerability is being actively exploited, so organizations should apply the patch immediately. They should also review and restrict access to the affected ports and monitor network traffic for any unusual activity related to WSUS.

This incident highlights the importance of secure coding practices, particularly around deserialization, and the need for robust network segmentation and access controls. Cybersecurity professionals should prioritize patching and consider conducting a thorough review of deserialization practices in their applications to mitigate similar risks.
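
One way to carry out the port review and traffic monitoring recommended above, as an added example that is not part of the original article or of Microsoft's guidance: it scans IIS W3C logs for requests on ports 8530/8531 whose client address lies outside the networks expected to reach WSUS. The allowed networks, the log lines and the URI paths in the sample are constructed assumptions.

```python
import ipaddress
from collections import Counter

WSUS_PORTS = {"8530", "8531"}  # WSUS HTTP / HTTPS ports named in the advisory
# Assumption: networks that are expected to reach WSUS (constructed values).
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "127.0.0.0/8")]

# Constructed sample in IIS W3C extended log format (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem s-port c-ip sc-status
2025-01-01 09:00:01 10.20.0.5 POST /constructed/sync 8530 10.20.4.17 200
2025-01-01 09:00:07 10.20.0.5 POST /constructed/sync 8530 203.0.113.45 200
2025-01-01 09:00:09 10.20.0.5 POST /constructed/sync 8531 203.0.113.45 500
2025-01-01 09:00:12 10.20.0.5 GET /constructed/other 443 198.51.100.9 200
2025-01-01 09:00:15 10.20.0.5 POST /constructed/sync 8530 not-an-ip 200
"""


def unexpected_wsus_clients(log_text, allowed=ALLOWED_NETS):
    """Count WSUS-port requests per client address outside `allowed`."""
    fields, hits = [], Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column layout can change mid-file
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("s-port") not in WSUS_PORTS:
            continue  # not a request to the WSUS listener
        try:
            client = ipaddress.ip_address(row.get("c-ip", ""))
        except ValueError:
            # Surface malformed addresses instead of silently dropping them.
            hits["unparseable:" + row.get("c-ip", "")] += 1
            continue
        if not any(client in net for net in allowed):
            hits[str(client)] += 1
    return hits


if __name__ == "__main__":
    for src, count in unexpected_wsus_clients(SAMPLE_LOG).most_common():
        print(f"{src}\t{count} request(s) to WSUS ports from outside allowed networks")
```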