Hackers exploiting Windows updates: Microsoft urges users to patch
Hackers are exploiting a Windows Server vulnerability that can turn system updates into a malware delivery machine. Microsoft is urging users to download patches.
Microsoft has released an emergency fix for a critical vulnerability in the Windows Server Update Service (WSUS). WSUS is widely used by organizations to distribute updates across multiple Windows devices.
Cybersecurity researchers have found that threat actors are already actively targeting vulnerable WSUS servers. Organizations urgently need to update their systems to stay safe.
The vulnerability, identified as CVE-2025-59287, carries a very high CVSS score of 9.8. It enables an attacker to remotely run malicious code on WSUS and potentially push malicious updates to the entire system.
According to Microsoft, the vulnerability affected five versions of WSUS, released in 2012, 2016, 2019, 2022, and 2025.
The Cybersecurity and Infrastructure Security Agency (CISA) in the US and CERT-EU have both issued warnings urging an update. CISA has identified the vulnerability as posing a “significant risk” to federal agencies, urging them to address it in a timely manner.CISA recommends WSUS users to:
- Identify any servers currently running WSUS that could be exposed to exploitation
- Update all affected systems with Microsoft’s patch, released on October 23rd, 2025
- Reboot WSUS servers after installation to complete the fix
“The WSUS Server Role is not enabled by default on Windows servers. Windows servers that do not have the WSUS server role enabled are not vulnerable to this vulnerability,” wrote Microsoft.
“If the WSUS server role is enabled, the server will become vulnerable if the fix is not installed before the WSUS server role is enabled.”
Unlock more exclusive Cybernews content on YouTube.
