Active Exploitation of Critical Windows Server WSUS Vulnerability Prompts Urgent Patch
A critical vulnerability in Microsoft Windows Server Update Services (WSUS), tracked as CVE-2025-59287, has been exploited by attackers shortly after an emergency patch was issued. The flaw allows remote code execution and affects Windows Server versions 2012-2025. Despite Microsoft releasing a fix, security researchers warn that the patch may not fully mitigate the risk, and exploitation activity has been observed, especially targeting exposed WSUS instances. Experts advise organizations to ensure their systems are properly patched and not exposed to the internet to prevent compromise.