wsus

Microsoft released KB5092765 on May 26, 2026, as a Setup Dynamic Update for Windows 11 versions 24H2 and 25H2, delivering revised setup components through Windows Update, the Microsoft Update Catalog, and WSUS while repeating warnings about Secure Boot certificate expirations beginning in June...

Microsoft is replacing the original 2011 Secure Boot certificate chain across Windows PCs and servers before certificates begin expiring in June 2026 and continue expiring into October, affecting supported Windows 10, Windows 11, and Windows Server systems that still trust those aging boot...

Microsoft's plan to remove driver synchronization from Windows Server Update Services (WSUS) has forced a rethink of how enterprises manage drivers — but the story is more complex than a simple cutoff: the feature was slated for deprecation on April 18, 2025, Microsoft later postponed the hard...

A critical remote‑code‑execution flaw in Windows Server Update Services (WSUS) has forced an emergency patch cycle and urgent remediation guidance: an unsafe deserialization weakness in WSUS web services allows an unauthenticated attacker to send a crafted SOAP/HTTP request that is decrypted and...

Schneider Electric has confirmed that its EcoStruxure Foxboro DCS Advisor service is affected by a critical Microsoft Windows Server Update Services (WSUS) vulnerability — tracked as CVE‑2025‑59287 — and operators must prioritize out‑of‑band WSUS patches and layered mitigations to avoid a...

Microsoft released a Hotpatch today — KB5072014 — for the Windows 11 / Windows Server servicing families, advancing affected systems to OS Build 26200.7392 (25H2 branch) and 26100.7392 (24H2 / LTSC branch) and describing the change in the terse but important language: “This update makes...

Attackers leveraged a newly patched Windows Server Update Services (WSUS) remote code execution flaw, CVE‑2025‑59287, to gain SYSTEM‑level access on WSUS hosts and install the ShadowPad backdoor, according to coordinated industry and vendor reporting that ties emergency Microsoft fixes...

A recent emergency WSUS patch intended to close a critical remote‑code‑execution hole instead produced an unexpected outage in Microsoft’s restart‑free Hotpatch delivery for a small number of Windows Server 2025 instances — a servicing mishap that forced affected systems off the Hotpatch cadence...

Microsoft confirmed that an October out‑of‑band WSUS update (KB5070881) was mistakenly distributed to some Windows Server 2025 machines enrolled in Microsoft’s Hotpatch program, briefly breaking Hotpatch eligibility for a limited number of servers and creating a predictable three‑month...

Treat this as a fire alarm: four national security agencies have issued coordinated, high‑urgency guidance telling organizations that on‑premises and hybrid Microsoft Exchange Server environments are being actively targeted and must be hardened immediately — and that a separate, critical Windows...

CISA and the NSA have issued coordinated, high‑urgency guidance for organisations running on‑premises or hybrid Microsoft Exchange Server and Windows Server Update Services (WSUS) after active exploitation of a critical WSUS vulnerability (CVE‑2025‑59287) and continued targeting of Exchange...

Cisco Talos’ Halloween-themed roundup lands like a reminder: the calendar has turned, Windows 10’s free mainstream support is over, critical infrastructure bugs keep surfacing, and defenders must choose whether to treat users to smooth migrations or get tricked by inertia and exposure. The Talos...

Microsoft’s emergency response to a critical Windows Server Update Services (WSUS) flaw has turned into a full‑blown incident response exercise for enterprise administrators: the vulnerability, tracked as CVE‑2025‑59287, is an unsafe deserialization defect in WSUS reporting/web services that...

Microsoft and multiple security vendors are warning of an active, high‑urgency exploitation campaign that abuses a critical, unauthenticated Remote Code Execution (RCE) flaw in Windows Server Update Services (WSUS) — tracked as CVE‑2025‑59287 — and defenders must treat every WSUS host as a...

Microsoft has issued an emergency security wake‑up call after a critical, unauthenticated remote‑code‑execution flaw in Windows Server Update Services (WSUS) — tracked as CVE‑2025‑59287 — was shown to be exploitable in the wild, prompting out‑of‑band patches from Microsoft and an accelerated...

Microsoft has pushed emergency, out‑of‑band updates after security researchers and multiple incident responders confirmed active exploitation of a critical remote‑code‑execution flaw in Windows Server Update Services (WSUS), forcing organizations to treat every WSUS host as a top‑tier...

Microsoft's emergency WSUS patch marks the escalation of a high-risk vulnerability — CVE-2025-59287 — from research disclosure to active, in‑the‑wild exploitation, forcing urgent remediation for any network that runs the Windows Server Update Services role and exposing painful gaps in vendor...

Microsoft has confirmed an emergency out‑of‑band patch for a critical Windows Server Update Services (WSUS) remote code execution flaw — and threat actors moved quickly, exploiting internet‑exposed WSUS instances within days of public proof‑of‑concept code appearing. Background WSUS is the...

Federal agencies and private-sector IT teams were put on high alert this week after the Cybersecurity and Infrastructure Security Agency (CISA) added a critical Windows Server Update Service flaw — tracked as CVE‑2025‑59287 — to its Known Exploited Vulnerabilities catalog and ordered rapid...

Microsoft has pushed an emergency out‑of‑band update after a botched October patch left a critical Windows Server Update Services (WSUS) vulnerability — tracked as CVE‑2025‑59287 — incompletely remediated and actively exploited in the wild, prompting urgent warnings from CISA and multiple...