Microsoft drops surprise Windows Server patch before weekend downtime

Summary

Microsoft has pushed an out-of-band update to fix a critical remote code execution vulnerability in Windows Server Update Services (WSUS). The flaw, tracked as CVE-2025-59287, stems from insecure deserialization in a legacy serialization mechanism and affects servers with the WSUS role enabled on Windows Server 2012 through 2025. A proof‑of‑concept exploit is publicly available. Microsoft rates the issue as critical; the cumulative update includes October’s patches and requires a reboot.

Key Points

  • Out‑of‑band patch issued for CVE-2025-59287 — a critical remote code execution vulnerability in WSUS.
  • Affected versions: Windows Server 2012 through 2025, but only where the WSUS role is enabled.
  • Root cause: insecure deserialization via a legacy serialization mechanism; an unauthenticated attacker can execute arbitrary code.
  • A public proof‑of‑concept exploit exists, increasing urgency for prompt action.
  • Mitigations for admins who cannot patch immediately: disable the WSUS role (will stop local update distribution) or block inbound ports 8530 and 8531 on the host firewall.
  • The update is cumulative (includes October patches) and requires a system reboot after installation.
  • WSUS is deprecated and Microsoft is encouraging migration to cloud alternatives such as Intune; the incident highlights risks in maintaining legacy components.
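
The interim mitigation from the list above, as an added PowerShell example that is not part of the original article: it checks whether the WSUS role is installed, shows whether ports 8530 and 8531 are listening, and adds a temporary inbound block rule on the host firewall. The rule name is constructed for illustration, and the script assumes an elevated session, TCP for both ports, and `UpdateServices` as the feature name of the WSUS role.

```powershell
# Added example, not from the original article. Run in an elevated PowerShell session.
$ports    = 8530, 8531                                    # WSUS ports named in the article
$ruleName = 'TEMP block WSUS inbound (CVE-2025-59287)'    # constructed rule name

# 1. Scope check: only servers with the WSUS role enabled are affected.
$wsus = Get-WindowsFeature -Name UpdateServices
if (-not $wsus.Installed) {
    Write-Output 'WSUS role is not installed on this host; no port block needed.'
    return
}

# 2. Exposure check: list any listeners on the WSUS ports before changing anything.
Get-NetTCPConnection -State Listen -LocalPort $ports -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess |
    Format-Table -AutoSize

# 3. Add one inbound block rule for both ports unless it already exists.
#    In Windows Firewall a block rule takes precedence over existing allow rules.
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName `
        -Direction Inbound -Protocol TCP -LocalPort $ports `
        -Action Block -Profile Any | Out-Null
}

# 4. Confirm the rule is present and enabled.
Get-NetFirewallRule -DisplayName $ruleName |
    Select-Object DisplayName, Enabled, Direction, Action

# Once the update is installed and the server has rebooted, remove the rule:
#   Remove-NetFirewallRule -DisplayName $ruleName
```

While the rule is in place, clients cannot reach this server on those ports, so local update distribution is paused until the rule is removed.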

Why should I read this?

If you run WSUS, stop what you’re doing — this one’s urgent. There’s a critical RCE with a public PoC and it hits any server exposing the WSUS role. Patch now or at least block the ports or disable the role before someone else makes your weekend more interesting.

Context and relevance

Out‑of‑band updates are reserved for serious, exploitable issues — especially when a PoC is circulating. This patch underlines two wider trends: persistent risk from legacy code still bundled in modern servers, and vendor pressure to move away from on‑prem management tools toward cloud services like Intune. For organisations managing update infrastructure internally, the incident is a reminder to prioritise patching, review exposure of management roles, and consider migration strategies for deprecated components.

Author note

Punchy and simple: this is high impact. If WSUS is in your environment, treat this as a must‑do today. The combination of a critical RCE and public exploit elevates it from a routine maintenance task to a security emergency.

Source

Source: https://go.theregister.com/feed/www.theregister.com/2025/10/24/windows_server_patch/