The National Computer Emergency Response Team (National CERT) has issued a warning about a serious security flaw in Microsoft Windows Server Update Services (WSUS) currently being exploited by hackers. The vulnerability, tracked as CVE-2025-59287, is a remote code execution (RCE) flaw that allows attackers to take full control of affected servers.
Hackers exploiting this flaw can run any commands, steal sensitive data, or install malicious software on vulnerable systems. Microsoft has already released a security update to fix the issue, but unpatched servers remain at high risk.
According to National CERT, the flaw has a severity score of 9.8 out of 10. It arises from unsafe handling of WSUS authorization cookies. Windows Servers exposing WSUS web connections on ports 8530 (HTTP) or 8531 (HTTPS) are particularly vulnerable. Reports indicate that attackers are already using this vulnerability to spread malware, steal credentials, and move laterally across networks.
The attack is simple to execute and does not require user interaction or admin privileges. Hackers only need network access to the WSUS service to trigger the exploit. System administrators are advised to review server and IIS logs for unusual commands or traffic targeting WSUS.
National CERT has urged organizations to take immediate protective measures. Recommended actions include:
- Installing Microsoft’s October 2025 security patch without delay
- Blocking WSUS ports from untrusted networks
- Restricting WSUS access to trusted internal users only
For systems where immediate patching is not possible, administrators should isolate or temporarily disable vulnerable WSUS servers while closely monitoring network activity.
The advisory emphasizes the urgency of this threat, as the vulnerability is actively being exploited. Both government and private sector IT teams must prioritize this issue to prevent attacks and secure their networks.
In other related news also read Microsoft Officially Exits Pakistan After 25 Years
This Microsoft WSUS flaw highlights the critical need for timely updates and strict network security measures to protect servers from high-risk cyber threats.
