Summary of the incident
An unauthenticated attacker can exploit CVE-2025-59287 in Windows Server Update Services (WSUS) to immediately gain full SYSTEM-level control of the affected server. This threat is actively being exploited in the wild.
How to tell if you are impacted
If you are running WSUS and you have not patched, you are vulnerable.
Recommended Mitigation/Next Steps
- Ensure that you have installed the out-of-band security update released by Microsoft on October 23, 2025, which addresses CVE-2025-59287.
- Please note that a system reboot is required after installation
- Review External Perimeter Configurations
- Verify that your WSUS servers are not exposed to the internet.
- Specifically, ensure that ports 8530 (HTTP) and 8531 (HTTPS), commonly used by WSUS, are not accessible externally.
- If these ports are exposed, attackers can exploit the vulnerability remotely