The National Computer Emergency Response Team (National CERT) has issued an urgent warning about a critical security flaw in Microsoft Windows Server Update Services (WSUS) that hackers are actively exploiting.
Tracked as CVE-2025-59287, the remote code execution (RCE) vulnerability allows attackers to gain full control of affected servers, execute commands, steal sensitive data, and install malware. Microsoft has released a special security update to fix the issue.
National CERT reports that the flaw carries a severity score of 9.8 out of 10 and stems from unsafe handling of WSUS authorization cookies. Systems exposing WSUS web connections on ports 8530 (HTTP) or 8531 (HTTPS) are at highest risk. Attackers have already used this exploit to spread malware and steal credentials.
The exploit requires no user action or admin privileges—hackers only need network access to WSUS to send malicious web requests. System administrators are urged to review IIS and server logs for suspicious activity.
To protect against attacks, National CERT advises immediate installation of Microsoft’s October 2025 security patch, blocking WSUS access from untrusted networks, and limiting access to internal users. Organizations unable to patch should temporarily disable or isolate vulnerable servers.
Authorities warn that because this flaw is already being exploited in the wild, both public and private sector IT teams must treat it as an urgent, high-priority threat.
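
The log review and access restriction advised above can be checked together. The following is an added example, not code from National CERT or Microsoft: it reads an IIS W3C log and counts requests to ports 8530 or 8531 from clients outside the internal ranges. The internal ranges, function names and sample log lines are constructed assumptions.

```python
import ipaddress
from collections import Counter

WSUS_PORTS = {"8530", "8531"}  # WSUS HTTP / HTTPS ports named in the advisory
# Assumption: ranges this site treats as internal; replace with your own.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

# Constructed sample log (documentation addresses, made-up paths), not real traffic.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem s-port c-ip sc-status
2025-10-25 09:14:02 10.0.5.20 POST /example/path 8530 10.0.7.31 200
2025-10-25 09:15:40 10.0.5.20 POST /example/path 8530 203.0.113.45 200
2025-10-25 09:15:41 10.0.5.20 POST /example/path 8531 203.0.113.45 500
2025-10-25 09:16:03 10.0.5.20 GET /index.html 80 198.51.100.9 200
"""

def is_internal(addr):
    """True if addr parses as an IP inside one of INTERNAL_NETS."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on garbage
    return any(ip in net for net in INTERNAL_NETS)

def external_wsus_clients(log_text):
    """Count requests per non-internal client IP that reached a WSUS port."""
    fields, hits = [], Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column layout can change mid-file
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("s-port") not in WSUS_PORTS:
            continue
        client = row.get("c-ip", "?")
        try:
            if is_internal(client):
                continue
        except ValueError:
            pass  # unparseable client address: report it rather than drop it
        hits[client] += 1
    return hits

if __name__ == "__main__":
    for ip, count in external_wsus_clients(SAMPLE_LOG).most_common():
        print(f"{ip}\t{count} request(s) to WSUS from outside internal ranges")
```

An address in the output shows that WSUS was reachable from outside the allowed ranges; it does not by itself indicate exploitation.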
