Hackers exploiting Windows updates Microsoft urges users to patch

Hackers are exploiting a Windows Server vulnerability that can turn system updates into a malware delivery machine. Microsoft is urging users to download patches.

Microsoft has released an emergency fix for a critical vulnerability in the Windows Server Update Service (WSUS). WSUS is widely used by organizations to distribute updates across multiple Windows devices.

The vulnerability, identified as CVE-2025-59287, carries a very high CVSS score of 9.8. It enables an attacker to remotely run malicious code on WSUS and potentially push malicious updates to the entire system.

The Cybersecurity and Infrastructure Security Agency (CISA) in the US and CERT-EU have both issued warnings urging an update. CISA has identified the vulnerability as posing a “significant risk” to federal agencies, urging them to address it in a timely manner.

For more information, read the full article at Cybernews.