NewApp Digest
search bot

driver update synchronization

Microsoft issues out-of-band patch for critical WSUS flaw
Winsage
October 24, 2025

Microsoft issues out-of-band patch for critical WSUS flaw

Microsoft has released an urgent out-of-band update to address a critical vulnerability (CVE-2025-59287) in Windows Server Update Services (WSUS), affecting Windows Server versions from 2012 to 2025. This remote code execution flaw allows unauthenticated attackers to execute arbitrary code due to insecure deserialization of untrusted data. Only servers with the WSUS role enabled are at risk. Administrators unable to apply the patch should consider disabling the WSUS role or blocking inbound traffic to ports 8530 and 8531. The update is cumulative and requires a system reboot after installation. WSUS is deprecated but remains supported, with Microsoft advising a transition to alternatives like its cloud-based Intune service.
Microsoft extends support for key Windows tool - but probably not the one you'd expect
Winsage
April 9, 2025

Microsoft extends support for key Windows tool – but probably not the one you’d expect

Microsoft will continue to support driver update synchronization for Windows Server Update Services (WSUS) servers, postponing the planned deprecation initially set for April 18 due to customer feedback. Paul Reed, Azure Compliance Senior Program Manager, noted the importance of this feature for organizations, particularly in regulated environments. A revised timeline for the future of WSUS driver synchronization will be developed, and Microsoft is open to ongoing customer feedback.
Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824)
Winsage
April 8, 2025

Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824)

April 2025 Patch Tuesday introduced fixes for over 120 vulnerabilities, including a critical zero-day vulnerability (CVE-2025-29824) that is actively exploited. CVE-2025-29824 is a user-after-free vulnerability in the Windows Common Log File System (CLFS), allowing privilege escalation to SYSTEM on compromised Windows machines. Microsoft has patched 32 CLFS vulnerabilities since 2022, with six exploited in the wild. Updates for Windows 10 are not yet available. Other notable vulnerabilities include CVE-2025-26663 and CVE-2025-26670, both unauthenticated user-after-free vulnerabilities in Windows LDAP, and CVE-2025-27480 and CVE-2025-27482 in Windows Remote Desktop Services. None of these vulnerabilities have been patched for Windows 10 systems, but updates are forthcoming. Microsoft reversed its decision to discontinue driver update synchronization to WSUS servers, confirming that WSUS will continue to synchronize driver updates.
Windows Server Update Services live to patch another day
Winsage
April 8, 2025

Windows Server Update Services live to patch another day

Microsoft has announced an extension of support for Windows Server Update Services (WSUS), postponing the planned end of support originally set for April 2025, in response to user feedback. The decision comes shortly before the scheduled cutoff and addresses challenges associated with disconnected device scenarios. Initially, Microsoft planned to make drivers available only through the Microsoft Update Catalog, but user feedback prompted a change. While some IT administrators may welcome the decision, others argue that WSUS is outdated and lacks essential capabilities for modern security. Gene Moody, field CTO at Action1, noted that WSUS is ill-equipped to meet contemporary demands and highlighted its limitations in enforcing updates and providing real-time visibility. Moody suggested that the extension of support is influenced by specific scenarios where WSUS remains necessary, such as environments with legal obligations or air-gapped networks. He cautioned that this decision should not be seen as a shift away from Microsoft's goal of phasing out WSUS in favor of cloud-based solutions.
Search