wsus

Microsoft's plan to remove driver synchronization from Windows Server Update Services (WSUS) has forced a rethink of how enterprises manage drivers — but the story is more complex than a simple cutoff: the feature was slated for deprecation on April 18, 2025, Microsoft later postponed the hard...

A critical remote‑code‑execution flaw in Windows Server Update Services (WSUS) has forced an emergency patch cycle and urgent remediation guidance: an unsafe deserialization weakness in WSUS web services allows an unauthenticated attacker to send a crafted SOAP/HTTP request that is decrypted and...

Schneider Electric has confirmed that its EcoStruxure Foxboro DCS Advisor service is affected by a critical Microsoft Windows Server Update Services (WSUS) vulnerability — tracked as CVE‑2025‑59287 — and operators must prioritize out‑of‑band WSUS patches and layered mitigations to avoid a...

Microsoft released a Hotpatch today — KB5072014 — for the Windows 11 / Windows Server servicing families, advancing affected systems to OS Build 26200.7392 (25H2 branch) and 26100.7392 (24H2 / LTSC branch) and describing the change in the terse but important language: “This update makes...

Attackers leveraged a newly patched Windows Server Update Services (WSUS) remote code execution flaw, CVE‑2025‑59287, to gain SYSTEM‑level access on WSUS hosts and install the ShadowPad backdoor, according to coordinated industry and vendor reporting that ties emergency Microsoft fixes...

A recent emergency WSUS patch intended to close a critical remote‑code‑execution hole instead produced an unexpected outage in Microsoft’s restart‑free Hotpatch delivery for a small number of Windows Server 2025 instances — a servicing mishap that forced affected systems off the Hotpatch cadence...

Microsoft confirmed that an October out‑of‑band WSUS update (KB5070881) was mistakenly distributed to some Windows Server 2025 machines enrolled in Microsoft’s Hotpatch program, briefly breaking Hotpatch eligibility for a limited number of servers and creating a predictable three‑month...

Treat this as a fire alarm: four national security agencies have issued coordinated, high‑urgency guidance telling organizations that on‑premises and hybrid Microsoft Exchange Server environments are being actively targeted and must be hardened immediately — and that a separate, critical Windows...

CISA and the NSA have issued coordinated, high‑urgency guidance for organisations running on‑premises or hybrid Microsoft Exchange Server and Windows Server Update Services (WSUS) after active exploitation of a critical WSUS vulnerability (CVE‑2025‑59287) and continued targeting of Exchange...

Cisco Talos’ Halloween-themed roundup lands like a reminder: the calendar has turned, Windows 10’s free mainstream support is over, critical infrastructure bugs keep surfacing, and defenders must choose whether to treat users to smooth migrations or get tricked by inertia and exposure. The Talos...

Microsoft’s emergency response to a critical Windows Server Update Services (WSUS) flaw has turned into a full‑blown incident response exercise for enterprise administrators: the vulnerability, tracked as CVE‑2025‑59287, is an unsafe deserialization defect in WSUS reporting/web services that...

Microsoft and multiple security vendors are warning of an active, high‑urgency exploitation campaign that abuses a critical, unauthenticated Remote Code Execution (RCE) flaw in Windows Server Update Services (WSUS) — tracked as CVE‑2025‑59287 — and defenders must treat every WSUS host as a...

Microsoft has issued an emergency security wake‑up call after a critical, unauthenticated remote‑code‑execution flaw in Windows Server Update Services (WSUS) — tracked as CVE‑2025‑59287 — was shown to be exploitable in the wild, prompting out‑of‑band patches from Microsoft and an accelerated...

Microsoft has pushed emergency, out‑of‑band updates after security researchers and multiple incident responders confirmed active exploitation of a critical remote‑code‑execution flaw in Windows Server Update Services (WSUS), forcing organizations to treat every WSUS host as a top‑tier...

Microsoft's emergency WSUS patch marks the escalation of a high-risk vulnerability — CVE-2025-59287 — from research disclosure to active, in‑the‑wild exploitation, forcing urgent remediation for any network that runs the Windows Server Update Services role and exposing painful gaps in vendor...

Microsoft has confirmed an emergency out‑of‑band patch for a critical Windows Server Update Services (WSUS) remote code execution flaw — and threat actors moved quickly, exploiting internet‑exposed WSUS instances within days of public proof‑of‑concept code appearing. Background WSUS is the...

Federal agencies and private-sector IT teams were put on high alert this week after the Cybersecurity and Infrastructure Security Agency (CISA) added a critical Windows Server Update Service flaw — tracked as CVE‑2025‑59287 — to its Known Exploited Vulnerabilities catalog and ordered rapid...

Microsoft has pushed an emergency out‑of‑band update after a botched October patch left a critical Windows Server Update Services (WSUS) vulnerability — tracked as CVE‑2025‑59287 — incompletely remediated and actively exploited in the wild, prompting urgent warnings from CISA and multiple...

Microsoft has released an out‑of‑band emergency update to plug a critical remote‑code‑execution hole in Windows Server Update Services (WSUS), and federal and industry authorities warn the flaw — tracked as CVE‑2025‑59287 — is being actively exploited in the wild; immediate action is required...

Microsoft released an emergency, out‑of‑band update on October 23, 2025 to address a critical remote code execution vulnerability in Windows Server Update Services (WSUS) that allows unauthenticated attackers to execute code as SYSTEM. The bug — tracked as CVE‑2025‑59287 and carrying a CVSS v3.1...