University of Wisconsin KnowledgeBase : Windows Server Update Service (WSUS) Remote Code Execution Vulnerability (CVE-2025-59287)

Windows Server Update Service (WSUS) Remote Code Execution Vulnerability (CVE-2025-59287)

Posted: 2025-10-24 13:12:37   Expiration: 2025-12-31 13:12:37

Cybersecurity recommends patching CVE-2025-59287 within 3 business days.

About the Event:

On October 23, 2025, Microsoft released an out-of-band (OOB) security update for WSUS. The OOB security update more comprehensively addresses the remote code execution vulnerability (CVE-2025-59287) previously announced during October Patch Tuesday.

Actions Requested: 

Cybersecurity recommends installing the Microsoft OOB security update within 3 business days for Windows servers with WSUS Server Role enabled.

Event Impact: 

Any user with network access to an unpatched WSUS server can execute arbitrary code on the server. Successful exploitation could potentially allow privilege escalation and lead to full system compromise or lateral movement across the network.

This vulnerability has a public proof-of-concept exploit available. There are reports of this vulnerability being exploited in the wild. 

 

References / KBs: 

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59287

https://www.bleepingcomputer.com/news/security/microsoft-releases-windows-server-emergency-updates-for-critical-wsus-rce-flaw/

https://hawktrace.com/blog/CVE-2025-59287

-- Cybersecurity Vulnerablity Management: Hui-Chun Kuo