Microsoft Releases Emergency Patch for Critical Security Flaw

Microsoft has issued urgent security patches to address a critical vulnerability in Windows Server Update Services (WSUS), identified as CVE-2025-59287, which has a high severity score of 9.8. This flaw allows attackers to execute code remotely on WSUS servers. The vulnerability, discovered by researchers MEOW, f7d8c52bec79e42795cf15888b85cbad, and Markus Wulftange, involves unsafe handling of "AuthorizationCookie" objects, leading to potential remote code execution with full system privileges.

The issue affects Windows servers with the WSUS Server Role enabled, and Microsoft has released updates for several Windows Server versions, including 2012, 2016, 2019, and 2022. The Dutch National Cyber Security Centre (NCSC) reported active exploitation of this vulnerability as of October 24, 2025, with attackers using it to deliver hidden .NET executables via WSUS.

Cybersecurity firms Eye Security and Huntress have observed exploitation attempts, with attackers targeting publicly accessible WSUS systems on default ports (8530/TCP and 8531/TCP). The exploit involves sending crafted requests to WSUS web services, triggering remote code execution and allowing attackers to run PowerShell payloads that collect and exfiltrate network and user data.

Microsoft re-released the update after the initial fix proved insufficient, and advises immediate installation of the patch. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities list, requiring federal agencies to apply the fix by November 14, 2025.
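
One way to check a server for the exposure described above (WSUS Server Role enabled and ports 8530/TCP or 8531/TCP reachable). This is an added example, not code from Microsoft or the cited firms; the function names `Test-PortSpec` and `Get-WsusExposure` are hypothetical, and the check covers only the host's own Windows Firewall, not perimeter devices.

```powershell
# Added example: exposure audit for the WSUS role and its default ports.
# Run in an elevated PowerShell session on the Windows Server host being checked.
$WsusPorts = 8530, 8531   # default WSUS ports named in the article

function Test-PortSpec {
    # True if a firewall LocalPort entry ('Any', '8530', '8000-9000') covers $Port.
    param([string]$Spec, [int]$Port)
    if ($Spec -eq 'Any') { return $true }
    if ($Spec -match '^(\d+)-(\d+)$') {
        return ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2])
    }
    if ($Spec -match '^\d+$') { return ([int]$Spec -eq $Port) }
    return $false   # keyword entries (e.g. 'RPC') do not map to a fixed port
}

function Get-WsusExposure {
    param([int[]]$Ports = $WsusPorts)

    # 1. Is the WSUS Server Role installed? (feature name: UpdateServices)
    $role = Get-WindowsFeature -Name UpdateServices -ErrorAction SilentlyContinue

    # 2. Sockets listening on the WSUS ports on a non-loopback address
    $listeners = @(Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
        Where-Object { $_.LocalPort -in $Ports -and $_.LocalAddress -notin '127.0.0.1', '::1' })

    # 3. Enabled inbound allow rules that open those ports to any remote address
    $openRules = @()
    foreach ($rule in Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True) {
        $pf = $rule | Get-NetFirewallPortFilter
        $af = $rule | Get-NetFirewallAddressFilter
        if ($pf.Protocol -notin 'TCP', 'Any') { continue }
        if ($af.RemoteAddress -notcontains 'Any') { continue }
        $covered = $false
        foreach ($spec in $pf.LocalPort) {
            foreach ($p in $Ports) { if (Test-PortSpec $spec $p) { $covered = $true } }
        }
        if ($covered) { $openRules += $rule.DisplayName }
    }

    $installed = [bool]($role -and $role.Installed)
    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        WsusRole       = $installed
        Listening      = ($listeners | ForEach-Object { "$($_.LocalAddress):$($_.LocalPort)" }) -join ', '
        OpenToAnyRules = $openRules -join '; '
        # Heuristic: role present, port bound, and firewall open to any source
        NeedsAttention = ($installed -and $listeners.Count -gt 0 -and $openRules.Count -gt 0)
    }
}

Get-WsusExposure | Format-List
```

The script does not check patch level; confirm separately that the re-released update is installed, since restricting the ports reduces exposure but does not fix the flaw.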
