A critical vulnerability in Windows Server Update Services (WSUS), tracked as CVE-2025-59287, is actively exploited by threat actors across multiple organizations, despite Microsoft releasing an emergency patch. The flaw allows unauthenticated remote code execution, and attackers are conducting reconnaissance and data exfiltration, posing a significant risk to affected servers. Experts warn that the vulnerability's ease of exploitation and the patch's incomplete fix increase the threat landscape, urging organizations to apply updates promptly.
A critical remote code execution vulnerability in Microsoft WSUS (CVE-2025-59287) was actively exploited in the wild shortly after an emergency patch was released. The flaw allows unauthenticated attackers to execute arbitrary code on affected servers, primarily impacting systems with the WSUS role enabled. Microsoft recommends immediate patching or applying workarounds such as disabling the WSUS role or blocking high-risk ports to mitigate the risk.
The US nuclear weapons agency was breached via a Microsoft SharePoint zero-day vulnerability, but no sensitive data was compromised. The attack, attributed to Chinese state-sponsored hackers, affected on-premises SharePoint servers and other government systems worldwide. Microsoft has released a security patch to address the vulnerability.
