Windows Server Emergency Patches Fix WSUS Bug with PoC Exploit


Brandon Lee

Heads up! Microsoft has released an emergency update for a serious flaw in Windows Server Update Services (WSUS). This one is tracked as CVE-2025-59287, and it already has a working proof-of-concept exploit online, so it is definitely one to take note of and patch. If you are running WSUS, pull this one down if you pull down any patch.

The issue allows remote attackers to run code with full system privileges on any Windows Server that has the WSUS Server Role turned on. It doesn’t take user interaction, and what's worse, Microsoft has warned it could be used to spread between WSUS servers. Servers that do not have WSUS enabled are not affected, but if the role is active before you patch, you are at risk, so again, patch!

The company has released updates for every supported Windows Server version, including 2012, 2016, 2019, 2022, 23H2, and 2025. Once you install the update, a reboot is required as part of remediation. It is a cumulative update, so you only need to apply this one.


For anyone who can’t patch right away, Microsoft has come up with two workarounds you can apply. You can disable the WSUS role to remove the attack vulnerability, or block inbound traffic to ports 8530 and 8531 on your firewall. Keep in mind that if you do this, your WSUS server is going to stop functioning as an update server and clients won't be able to pull updates from it.

After patching, you might notice that WSUS no longer shows synchronization error details. Microsoft said this was removed for now as part of the fix. If you have Windows servers in a home lab or production, treat this one as urgent. The exploit is already public and attackers can use it to get complete control of your server. Install the patch as soon as possible to close the hole.

Read the CVE here: CVE-2025-59287 - Security Update Guide - Microsoft - Windows Server Update Service (WSUS) Remote Code Execution Vulnerability
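
The firewall workaround from the post, as an added PowerShell example that is not part of the original post or of Microsoft's advisory: it checks whether the WSUS role is installed, reports listeners on ports 8530 and 8531, and creates an inbound block rule only when run with `-ApplyBlock`. The rule name and the `-ApplyBlock` switch are assumptions made for this example; run it from an elevated session on the server being checked.

```powershell
# Added example: local triage for the WSUS workaround (ports 8530/8531).
param(
    [switch]$ApplyBlock   # assumed switch name: create the block rule only when set
)

$wsusPorts = 8530, 8531                  # WSUS ports named in the post
$ruleName  = 'Temp-Block-WSUS-Inbound'   # constructed rule name for this example

# 1. Servers without the WSUS Server Role are not affected, so check that first.
$role = Get-WindowsFeature -Name UpdateServices
if (-not $role.Installed) {
    Write-Output 'WSUS Server Role is not installed on this server.'
    return
}
Write-Output 'WSUS Server Role is installed: patch, or apply a workaround until you can.'

# 2. Report whether anything is listening on the WSUS ports right now.
$listeners = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $_.LocalPort -in $wsusPorts }
if ($listeners) {
    foreach ($l in $listeners) {
        Write-Output ("Listening on {0}:{1}" -f $l.LocalAddress, $l.LocalPort)
    }
} else {
    Write-Output 'No listener found on 8530/8531.'
}

# 3. Avoid creating a duplicate rule if the workaround was already applied.
$existing = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue
if ($existing) {
    Write-Output "Block rule '$ruleName' already exists (Enabled: $($existing.Enabled))."
    return
}

# 4. Block inbound TCP 8530/8531. Windows Firewall block rules take precedence
#    over allow rules, so the rule WSUS created for itself does not need editing.
#    Clients cannot pull updates from this server while the rule is in place.
if ($ApplyBlock) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
        -LocalPort $wsusPorts -Action Block -Profile Any | Out-Null
    Write-Output "Created block rule '$ruleName'."
} else {
    Write-Output 'No changes made. Re-run with -ApplyBlock to block inbound 8530/8531.'
}

# After installing the update and rebooting, remove the temporary rule:
#   Remove-NetFirewallRule -DisplayName 'Temp-Block-WSUS-Inbound'
```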