Microsoft released an out-of-band security update for a critical remote code execution vulnerability (CVE-2025-59287) affecting Windows Server Update Service. CISA urges organizations to identify vulnerable servers, apply the update, and reboot. If immediate application isn't possible, disable WSUS or block ports 8530/8531. The vulnerability is now in CISA's Known Exploited Vulnerabilities Catalog. Report incidents to CISA's Operations Center.
Microsoft Releases Out-of-Band Security Update to Mitigate Windows Server Update Service Vulnerability, CVE-2025-59287

