Hackers exploiting critical vulnerability in Windows Server Update Service

The vulnerability, tracked as CVE-2025-59287, involves deserialization of untrusted data and could allow intruders to execute code without authorization. Researchers at Huntress said they have seen attackers exploiting the vulnerability in four different customers’ networks. Senior security researcher John Hammond described the attack as a simple “point-and-shoot” technique, noting that the recent release of a proof of concept made the attack trivially accessible for any hacker to launch.

Microsoft issued out-of-band security updates on Thursday to address the vulnerability. “We rereleased this CVE after identifying that the initial update did not fully mitigate the issue,” a Microsoft spokesperson told Cybersecurity Dive.

Experts urged organizations to immediately apply the new patch. “The currently trending WSUS vulnerability is a critical issue that should receive top priority for patching in any environment,” Jimi Sebree, senior security researcher at Horizon3.ai, told Cybersecurity Dive. “Its presence is due to how juicy of a target the service is.” Hackers who compromise the service can move laterally inside a system and obtain significant additional access, Sebree said.

For the full article, see Cybersecurity Dive.

Also, you can read more on this topic at the Huntress Blog.

This post is licensed under CC BY 4.0 by the author.