Microsoft issues out-of-band patch for critical WSUS flaw

Microsoft has rolled out an urgent out-of-band update aimed at addressing a critical vulnerability within Windows Server Update Services (WSUS). This update specifically targets CVE-2025-59287, a remote code execution flaw that affects Windows Server versions ranging from 2012 to 2025. The vulnerability arises from the insecure deserialization of untrusted data, which enables unauthenticated attackers to execute arbitrary code. Notably, a proof-of-concept exploit for this vulnerability is already available to the public.

Details of the Vulnerability

This vulnerability has been classified with a maximum severity level of “critical.” Only servers with the WSUS role enabled are at risk. Microsoft has therefore advised administrators who are unable to apply the patch immediately to consider disabling the WSUS role on affected servers, although doing so halts client updates from the server. Alternatively, administrators can block inbound traffic to ports 8530 and 8531 on the host firewall, which also stops WSUS from functioning.
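The check and the firewall workaround described above can be scripted. The following is an added example, not Microsoft's own guidance script; it assumes an elevated PowerShell session on the server, and the rule name is a constructed placeholder.

```powershell
# Added example: confirm exposure and apply the temporary port block.
[CmdletBinding(SupportsShouldProcess)]
param(
    [int[]]$WsusPorts = @(8530, 8531),             # ports named in the article
    [string]$RuleName = 'TEMP-Block-WSUS-Inbound'  # constructed rule name
)

# 1. Only servers with the WSUS role (feature name UpdateServices) are at risk.
$role = Get-WindowsFeature -Name UpdateServices
if (-not $role.Installed) {
    Write-Output "WSUS role is not installed on $env:COMPUTERNAME; nothing to mitigate."
    return
}

# 2. Report which of the WSUS ports currently have a listener.
$listeners = Get-NetTCPConnection -State Listen -LocalPort $WsusPorts -ErrorAction SilentlyContinue
$listening = @($listeners | Select-Object -ExpandProperty LocalPort -Unique)
Write-Output "WSUS role installed. Listening WSUS ports: $($listening -join ', ')"

# 3. A block rule only helps on firewall profiles that are switched on.
$disabled = @(Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' })
if ($disabled.Count -gt 0) {
    Write-Warning "Firewall disabled for profile(s): $($disabled.Name -join ', ')"
}

# 4. Add the inbound block rule once; block rules override existing allow rules.
if (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue) {
    Write-Output "Rule '$RuleName' already exists."
}
elseif ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, "Block inbound TCP $($WsusPorts -join ',')")) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Block `
        -Protocol TCP -LocalPort $WsusPorts -Profile Any | Out-Null
    Write-Output "Rule '$RuleName' created. Clients cannot reach WSUS until it is removed."
}

# After the update is installed and the server rebooted, undo the workaround:
#   Remove-NetFirewallRule -DisplayName 'TEMP-Block-WSUS-Inbound'
```

Running the script with `-WhatIf` reports the role, listener and firewall profile state without creating the rule.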

The recently released update is cumulative and includes October’s patches for systems that have not yet installed them. A reboot is required after installing this update.

Windows systems are often laden with legacy code that can be exploited by attackers. Therefore, any issue that could lead to remote code execution necessitates prompt resolution or mitigation. Microsoft has indicated that this particular flaw is linked to a “legacy serialization mechanism.”

Future of WSUS

WSUS has been placed on the deprecated list for Windows Server, indicating that it is no longer under active development, although it remains a supported component of the operating system. In response to user concerns regarding the planned cessation of support in April 2025, Microsoft recently confirmed that it would continue to support driver update synchronization to WSUS.

Nonetheless, Microsoft’s guidance to administrators is unequivocal: it is time to transition to alternatives, such as its cloud-based Intune service. This shift underscores a broader trend towards cloud solutions in the face of evolving security challenges.

The issuance of an out-of-band update is a significant event, particularly for a component that is already deprecated. While no specific removal date for WSUS has been disclosed, the presence of this critical vulnerability raises pertinent questions about the long-term viability of WSUS in the ever-changing landscape of IT infrastructure.
