Actively Exploited WSUS Bug Added to CISA KEV List – Against Invaders – Notícias de CyberSecurity para humanos.


Network defenders have been encouraged to patch a new critical vulnerability in Windows Server Update Services (WSUS) which is being actively exploited.

Microsoft issued an out-of-band update to fix the bug last Thursday, the same day that Huntress observed threat actors targeting WSUS instances publicly exposed on default ports 8530 and 8531.

CVE-2025-59287 is described as a WSUS “deserialization of untrusted data vulnerability” which allows for remote code execution (RCE).

“The vulnerability allows an unauthenticated attacker to achieve remote code execution with system privileges by sending malicious encrypted cookies to the GetCookie() endpoint,” explained security vendor HawkTrace.

Exploitation reportedly requires no user interaction and no privileges.


The US Cybersecurity and Infrastructure Security Agency (CISA) added the CVE to its Known Exploited Vulnerabilities (KEV) catalog on Friday, warning that it poses “significant risks to the federal enterprise.” Agencies have until November 14 to patch.

Widespread Compromise Possible

Although not enabled by default, WSUS is a popular tool that enables IT administrators to centrally manage and distribute Microsoft product updates to networked computers.

Patrick Münch, CISO at Mondoo, said this makes the new vulnerability particularly dangerous.

“A compromised WSUS server could potentially be used to distribute malicious updates to the entire network of client computers, making the flaw particularly high stakes for large enterprises,” he explained.

“Added to that it enables unauthenticated remote code execution and is actively being exploited. This means that organizations should make it a critical priority to immediately mitigate and fix the vulnerability.”

Huntress advised prompt patching for Windows Server customers, but said that organizations could also remediate by isolating network access to WSUS.

“Ensure that only the management hosts and Microsoft Update servers that are explicitly required have access to your WSUS infrastructure,” it said.

“For all other connections, it is strongly recommended that inbound traffic be blocked to TCP ports 8530 and 8531.”
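One way to apply the isolation advice above on the WSUS server itself, as an added example that is not from Huntress or Microsoft. It lists enabled inbound allow rules covering TCP 8530/8531 that accept any remote address and, when `$Apply` is set, scopes them to an allowlist. The addresses in `$AllowedRemotes` and the variable names are placeholders to replace with the hosts that actually require access.

```powershell
# Added example: audit and scope inbound Windows Firewall access to WSUS ports.
# Assumption: $AllowedRemotes holds placeholder (documentation-range) addresses.
$WsusPorts      = 8530, 8531
$AllowedRemotes = @('192.0.2.10', '192.0.2.11')   # placeholder hosts that need WSUS
$Apply          = $false                           # $true = rewrite rule scope

# True when a port-filter entry ("8530" or a range like "8500-8600") covers a WSUS port.
function Test-CoversWsusPort([string[]]$LocalPort) {
    foreach ($entry in $LocalPort) {
        if ($entry -match '^(\d+)-(\d+)$') {
            $lo = [int]$Matches[1]; $hi = [int]$Matches[2]
            if ($WsusPorts | Where-Object { $_ -ge $lo -and $_ -le $hi }) { return $true }
        } elseif ($entry -match '^\d+$' -and $WsusPorts -contains [int]$entry) {
            return $true
        }
    }
    return $false
}

# Enabled inbound allow rules whose TCP port filter names a WSUS port.
$rules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        $pf.Protocol -eq 'TCP' -and (Test-CoversWsusPort $pf.LocalPort)
    }

foreach ($rule in $rules) {
    $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    [pscustomobject]@{
        Rule          = $rule.DisplayName
        RemoteAddress = $remote -join ','
        OpenToAny     = $remote -contains 'Any'
    }
    # Narrow the allow rule instead of adding a block rule: in Windows Firewall an
    # explicit block rule overrides allow rules and would also cut off the allowlist.
    if ($Apply -and ($remote -contains 'Any')) {
        $rule | Set-NetFirewallRule -RemoteAddress $AllowedRemotes
    }
}

# Scoped allow rules only isolate WSUS if unmatched inbound traffic is blocked.
# DefaultInboundAction should read Block (NotConfigured means the default, Block).
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction
```

Run it from an elevated session with `$Apply = $false` first and review the listed rules before changing their scope.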

Image credit: Shaheerrr / Shutterstock.com
