Security researchers at Huntress have identified a critical remote code execution (RCE) vulnerability in Windows Server Update Services (WSUS), which has been actively exploited by attackers. This vulnerability, cataloged as CVE-2025-59287, was addressed by an out-of-band patch released by Microsoft earlier this month.
WSUS is a tool commonly used by enterprise administrators to deploy updates across corporate networks. The flaw arises from an unsafe deserialization vulnerability, allowing unauthenticated attackers to execute code with system-level privileges. Security vendor Hawktrace provided a detailed analysis of this issue, including a proof-of-concept for the exploit.
Huntress reported that they witnessed threat actors exploiting this vulnerability across four of their clients, leading to unauthorized execution of command prompts and PowerShell scripts. During these exploits, sensitive information such as network and user data was exfiltrated using a Base64-encoded payload sent to remote webhook sites.
Despite WSUS servers generally not being exposed to the internet, Huntress noted that around 25 hosts within their partner network were found to be vulnerable. They advised organizations to block inbound traffic to TCP ports 8530 and 8531, restricting access to only essential hosts and Microsoft Update servers.
Microsoft has rated this vulnerability with a severity score of 9.8 out of 10. Administrators are urged to promptly install the patches relevant to Windows Server from 2012 to 2025, as rebooting is required after updates. The issue has also been added to the United States Cybersecurity Infrastructure Agency’s (CISA) Known Exploited Vulnerabilities catalog.
For more details, you can check the official Microsoft patch and CISA’s vulnerability catalog.
Hudson Valley Host is premier provider of cutting-edge hosting solutions, specializing in delivering a seamless online experience for businesses and individuals. We offer a comprehensive range of hosting services, including Shared Hosting, VPS, Dedicated Servers, and Colocation. With 24/7 technical support, robust security measures, and user-friendly control panels, we empower clients in managing their online presence effortlessly. Hudson Valley Host is your trusted partner in achieving online success.
For Inquiries or to receive a personalized quote, please reach out to us through our contact form here or email us at sales@hudsonvalleyhost.com.
